INCA Internet response team detected various malicious e-mails disguising as image file. In recent years, the number of domestic e-mails is increasing, so extra care is needed. These types of security threats from abroad written in English .the most common form, and e-mail subject and body, attached file have been changed from time to time. In order to deceive, attacker chose compressed file, which contains executable file, for the type of attachment. If you have suspicious file, you can send that file for being diagnosed.
2. Spreading cases and symptom of infection
Recently this type is various and its title and contents are continuously changing.
Therefore, users need to be careful on these types of e-mails.
Some of these malicious files use general application icon, other uses Bart Simpson's icon.
Upon starting, it will create "svchost.exe" on All Users folder and will run.
And then, it will modify registry as following.
This malicious file hasn't tried to connect on certain host; however, it waits TCP connecting. Malicious file can be expected to be worked as a bot by various commands.
Spreading malicious file with e-mail is very traditional. But a lot of users are still trying to open its attachment and being infected. To use PC safely from security threats of these malicious attachments, we recommend you download latest security updates and obey following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) runs responding system against various security threats.