A series of emails with malware attachments have been widely distributed in the last few days. The emails alert the recipient about a picture of themselves (or an ex-girlfriend) that has been circulated online. The text from three of the messages is shown below:
Sorry to disturb you , – I have a question- have you seen this picture of yours in attachment?? Three facebook friends sent it to me today… why did you put it online? wouldn’t it harm your job? what if parents see it? you must be way cooler than I thought about you man
Hi there ,But I really need to ask you – is it you at this picture in attachment? I can’t tell you where I got this picture it doesn’t actually matter…The question is is it really you???.
Sorry to disturb you , – I got to show you this picture in attachment. I can’t tell who gave it to me sorry but this chick looks a lot like your ex-gf. But who’s that dude??.
The “image” is attached to the emails for convenience and the filename in all samples was identical: “IMG0962.zip”. The unzipped file displays a PDF icon – which may confuse recipients whose computers do not display file extensions (the extension in this case is .exe).
Commtouch’s Antivirus for Email detected the attached malware within seconds of the start of the outbreak.
The graph below shows the scale of the attack on Saturday – from 4am (Pacific Time) till 3am on Sunday morning. The black line tracks this particular outbreak. At its peak the attack averaged around 100,000 messages per second. The top blue line represents spam received per second by Commtouch’s GlobalView Cloud.