July 14th is a big day in the French calendar as it celebrates the anniversary of the storming of the Bastille in 1789.
Concerts and parades are held to celebrate La Fete Nationale, marking what is considered the birth of the modern French nation.
July 14th is just a couple of days away, of course. But that doesn’t mean that there isn’t still time to decide what you’re going to do if you want to celebrate Bastille Day.
And it doesn’t mean that there’s not an opportunity for malware authors to take advantage.
Here’s one of a wave of spam messages being sent out to French email addresses, and intercepted by the experts in SophosLabs:
Subject: Bastille Day
Attached file: BastilleDay.rar
Message body:
Bastille Day activities .See the attachment.
The attachment is, of course, malicious.
Inside the RAR archive attached to the emails is a file called
short-BASTIL_1.SCR
which has a text Notepad icon. That will be enough to probably fool many people into believing that it is a harmless text file.
Opening the SCR file (which Sophos detects as Troj/Mdrop-DPB) drops another file called WindowsUpdate.exe onto your computer and displays the following message in Notepad.
This is clearly designed to continue the illusion that you have only opened a harmless TXT file.
Bastille Day Festival Just Several days Away
Don't forget to mark your calendar for the biggest French festival of the year -- the 9th Annual Bastille Day festival on July 10, 2011, from noon to 8:00 p.m.
The festival features live music all day long, with an evening headliner act of "Le Jazz" with the Patrick Lamb Band as well as performances by the Portland Ballet and Portland Opera.
The popular beer and wine garden will feature Lillet aperitifs, Kronenbourg beer, and Georges Duboeuf wine; look for a whole block of food booths as well.
Visitors will enjoy shopping the crafts and vendor booths and handcrafted items, including original art. Children will enjoy the kids activity area, where they can do crafts, spin the wheel for prizes, learn how to play petanque, or how to hula hoop.
Sophos detects the WindowsUpdate.exe malware dropped on victims' computers as Troj/Agent-SNH.
What's strange about their entire attack is that it is clearly targeting French people, but is the social engineering is conducted entirely in English. You have to think that the malicious hackers behind the campaign would have been more successful if they had used French language throughout.
Whether you're a Francophile or not, don't let malware rain on your parade. Always be suspicious of unsolicited email attachments that are emailed to you out of the blue, and ensure that you have defences in place to protect against the threats of malware and spam.
Leave a reply
