[Warning] Malicious e-mails disguised as image files were found.

1. Introduction

The INCA Internet response team detected various malicious e-mails whose attachments are disguised as image files. In recent years, the number of domestic e-mails has been increasing, so extra care is needed. Threats of this type that come from abroad and are written in English are the most common form, and the e-mail subject, body and attached file change from time to time. To deceive the recipient, the attacker attaches a compressed file that contains an executable file. If you have a suspicious file, you can send it in to be diagnosed.

2. Spreading cases and symptom of infection

[Warning] Malicious personal message from fake LinkedIn friend

[Warning] Malicious file about portrait infringement

[Caution] Malicious e-mail about BBB(Better Business Bureau)

Recently this type has appeared in many variants, and its title and contents keep changing.
Users therefore need to be careful with these types of e-mails.

The attached compressed file contains an EXE file disguised as an image file; when the user executes it, the system is infected by the malicious file.

Some of these malicious files use a general application icon; others use a Bart Simpson icon.

Upon starting, it creates "svchost.exe" in the All Users folder and runs it.

It then modifies the registry as follows.

Path : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name : SunJavaUpdateSched
Data : C:\Documents and Settings\All Users\svchost.exe

This malicious file has not tried to connect to a specific host; however, it waits for an incoming TCP connection. The malicious file can be expected to work as a bot that carries out various commands.
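The persistence described above, a Run value that starts a file named like a Windows system process from a folder other than System32, can be checked for in the text output of `reg query`. The following is an added example, not code from INCA Internet; the list of system process names is illustrative, Windows is assumed to be installed in C:\Windows, and the sample output is constructed from the values listed above plus benign filler entries.

```python
import ntpath
import re

# Names of Windows system processes that normally live in System32 (illustrative list).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                "winlogon.exe", "smss.exe"}
# Assumption: Windows is installed in C:\Windows.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
EXE_PATH = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)\b', re.IGNORECASE)


def parse_run_values(reg_query_output):
    """Yield (name, data) for every value line in `reg query` output."""
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m.group("name"), m.group("data").strip()


def executable_of(data):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    m = EXE_PATH.match(data)
    return (m.group("q") or m.group("u")) if m else data


def masquerading_entries(reg_query_output):
    """Return Run values that start a system-named binary from a non-system folder."""
    hits = []
    for name, data in parse_run_values(reg_query_output):
        exe = ntpath.normcase(ntpath.normpath(executable_of(data)))
        if ntpath.basename(exe) in SYSTEM_NAMES and ntpath.dirname(exe) not in TRUSTED_DIRS:
            hits.append((name, data))
    return hits


# Constructed sample: the first value is the one listed above, the others are benign filler.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SunJavaUpdateSched    REG_SZ    C:\Documents and Settings\All Users\svchost.exe
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" -silent
    ExampleHelper    REG_SZ    C:\Windows\System32\svchost.exe -k example
"""

if __name__ == "__main__":
    for name, data in masquerading_entries(SAMPLE):
        print(f"suspicious Run value: {name} -> {data}")
```

Because the check keys on the file name and folder rather than on the value name, it still flags the entry if a variant uses a value name other than SunJavaUpdateSched.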

3. Summary

Spreading malicious files by e-mail is a very traditional method, but many users still open the attachments and become infected. To use a PC safely against the threat of these malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" for general users below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated, and use its real-time detection function.
3. Do not open or download attached files from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.


  3. I totally agree with this post and believe that internet, emails have been a medium for viruses like Malwares and need strict jurisdiction.