Malicious email attachment targets aspiring musicians

 

Gallery

Posted on 4 May 2010 at 12:10

We're used to seeing malicious files and links distributed in emails that purport to contain news stories, DHL delivery notes and methods of increasing every man's favourite asset. However, a new take on these is targetting aspiring musicians.

Webroot's Andrew Brandt encountered a message appearing to be from a label called Rock On Records, which claims to include an attached record contract. With so many independent musicians using the internet to distribute and promote their work, an offer of a deal with a record label is enough to make many young hopefuls set aside common sense for long enough to get infected.

The message Webroot investigated reads in part: “We have prepared a contract and added the paragraphs that you wanted to see in it. Our lawyers made alterations on the last page. If you agree with all the provisions we are ready to make the payment on Friday for the first consignment. We are enclosing the file with the prepared contract.”

The file containing the "contract" (spelled "conract" in the sample Webroot looked at) proved to in fact be a malicious program identified by Webroot as Trojan-Downloader-Tacticlol (other anti-virus suites identify it variously as Oficla, Sasfis, Fregee or Losabel).

Once the attachment is run, it pulls down and runs other malicious programs to further compromise and exploit your system. For most users, one of the worst case scenarios of a malware attack is that their PC could be rendered unusable. This was the case when Webroot investigated Tacticol. Describing the aftermath of the malware infection, Brandt writes: "I rebooted the machine to see what would happen next. As a result of a system modification, the PC would bluescreen the minute I powered it on. The machine was rendered unable to boot, even into Safe Mode."

The malicious file is disguised as a Word document, easily done as Windows systems hide file extensions by default, making the malicious .doc.exe file appear to be an innocent Word .doc file. Like Andrew Brandt, we recommend disabling Windows' extension hiding by clearing the Hide extensions for known file types checkbox in the Folder Options dialog in Windows Explorer.

It's also important to install anti-malware software and keep it updated. Microsoft's Security Essentials is free an integrates perfectly with Windows.

Author: Kat Orphanides