In our previous blog post, we looked at the emergence of hybridized malware: malware that arrives already infected by a file infector, so that two different malware families end up running on the compromised system. Attackers thereby maximize the compromise by deploying two payloads in a single execution, leaving the victim’s machine open to multiple infections at once.
On Windows systems, the infection starts with a spam email offering a “Tibetan Input Method for Apple iOS 4.2”:
The email lured recipients into opening two attachments:
- an RTF file named “Tibetan Input Method for Apple iOS 4.2 devices (iPhone, iPad, iPod touch).doc” (Word opens RTF content regardless of the .doc extension, so the mismatch does not tip off the recipient), and
- an archive containing a file named “Tibetan Input Method for Apple iOS 4.2 devices (iPhone, iPad, iPod touch).exe”, the long lure-style name making the executable look like a companion to the document.
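The two tells in this lure, a “.doc” whose content is actually RTF and an executable hidden inside an archive, are both cheap to check at the mail gateway or in triage. The following Python is an added example written for this post, not code from the original article or from the campaign analysis: it classifies attachments by comparing the claimed extension with the file’s magic bytes and recurses into zip archives. The sample bytes (an RTF stub, a PE-like `MZ` stub) and the archive name `archive.zip` are constructed here for illustration; the original post only says “an archive” without naming its format.

```python
import io
import zipfile

# Magic bytes used for content sniffing (all documented, well-known formats):
# RTF is plain text beginning with "{\rtf"; a genuine binary Word 97-2003 .doc is an
# OLE2 compound file; a Windows PE executable begins with "MZ"; a zip local file header
# begins with "PK\x03\x04".
RTF_MAGIC = b"{\\rtf"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
PE_MAGIC = b"MZ"
ZIP_MAGIC = b"PK\x03\x04"

EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # refuse to inflate oversized archive members

# Attachment names exactly as reported in the post (the lure titles).
LURE_DOC = "Tibetan Input Method for Apple iOS 4.2 devices (iPhone, iPad, iPod touch).doc"
LURE_EXE = "Tibetan Input Method for Apple iOS 4.2 devices (iPhone, iPad, iPod touch).exe"


def classify_attachment(filename: str, data: bytes) -> list[str]:
    """Return a list of findings for one attachment; an empty list means nothing suspicious."""
    findings: list[str] = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""

    # Extension/content mismatches: what the name promises vs. what the bytes are.
    if ext == "doc" and data.startswith(RTF_MAGIC):
        findings.append("extension/content mismatch: .doc name but RTF content")
    if ext in ("doc", "rtf") and data.startswith(PE_MAGIC):
        findings.append("extension/content mismatch: document name but PE executable content")

    # Executables attached directly, or carried inside an archive (checked on recursion).
    if ext in EXECUTABLE_EXTS:
        findings.append(f"executable attachment: .{ext}")
    elif data.startswith(PE_MAGIC) and ext not in ("doc", "rtf"):
        findings.append("PE executable content under a non-executable extension")

    # Recurse into zip archives so a packaged .exe is not missed.
    if ext == "zip" or data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size > MAX_MEMBER_BYTES:
                        findings.append(f"inside {filename}: {info.filename}: member too large to inspect")
                        continue
                    for f in classify_attachment(info.filename, zf.read(info)):
                        findings.append(f"inside {filename}: {info.filename}: {f}")
        except zipfile.BadZipFile:
            findings.append("archive extension or header but not a valid zip")
    return findings


def scan_message(attachments: dict[str, bytes]) -> dict[str, list[str]]:
    """Classify every attachment of one message; keys are attachment names."""
    return {name: classify_attachment(name, data) for name, data in attachments.items()}


def build_sample_archive() -> bytes:
    """Constructed sample: a zip holding a PE-like stub under the lure's .exe name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(LURE_EXE, PE_MAGIC + b"\x00" * 62)  # constructed, not a real binary
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed message modelled on the lure described in the post.
    sample = {
        LURE_DOC: b"{\\rtf1\\ansi Tibetan Input Method}",  # RTF bytes behind a .doc name
        "archive.zip": build_sample_archive(),            # archive name is an assumption
    }
    for name, findings in scan_message(sample).items():
        print(name)
        for f in findings or ["no findings"]:
            print("   ", f)
```

Sniffing on magic bytes rather than trusting the extension is the point: Word will happily open RTF bytes named `.doc`, so a gateway rule that only keys on the extension sees a harmless document, while the byte check flags the mismatch before the user ever double-clicks.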