JPCERT-AT-2010-0013
JPCERT/CC
2010-06-01
<<< JPCERT/CC Alert 2010-06-01 >>>
Emails purporting to advise of company internal
malware outbreak contain malware
https://www.jpcert.or.jp/at/2010/at100013.txt
I. Overview
JPCERT/CC has received several reports on emails written in
Japanese which have malware attached as files. These email messages
purport to advise of company internal malware outbreak and lead users
to open the attached files. When a user opens and executes the file
attached to such email, malware may be installed on the PC.
Emails with Japanese subjects and message text increase the chances
for users who receive the emails to open the attachments. Even if the
message text is in Japanese, please pay careful consideration before
opening the attachments.
II. Overview of email with malware attached
So far, JPCERT/CC has confirmed the existence of email messages
such as the following (actual email messages are written in Japanese):
Email subject:
URGENT: All staff involvement in investigating viruses and files
for malicious script
Message text (excerpt):
Please follow the attached manual to investigate if the PCs in
the office are infected with viruses.
Your cooperation is appreciated.
Thank you!
Attached file name:
Virus Check.zip
If the zip file attached to the email is decompressed, a
screen-saver (.scr) file which is disguised as a Microsoft Office
Word icon is extracted. If a user executes the screen-saver file,
malware could be installed on the user's PC. (At the same time, the
document "VIRUS/malicious script investigation" will be opened.)
III. Countermeasures
As of June 1, 2010, the malware used for this attack does not
execute just by viewing the email. Do not open suspicious email
attachments because this malware will be installed by extracting and
executing the attached file.
Users should also consider taking countermeasures, such as keeping
the anti-virus software pattern files updated and scanning email
attachments using the anti-virus software.
IV. References
The Information-technology Promotion Agency, Japan (IPA)
Five hints for handling email attachments
http://www.ipa.go.jp/security/antivirus/attach5.html
If you have any further questions or information regarding this
alert, please contact JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top