A new wave of spammed emails with malicious attachments can be seen on the Internet. An email that promises cigarettes at very low prices comes with a password-protected archive that contains TROJ_YABE.BJ.
Usually passwords are used to ensure the recipient gets exactly what the sender sent and to ensure nobody else accessed it. In this case everybody receives the same password, so all the security is gone. But this might trick users to believe the attachment is safe. This way of social engineering bypasses security by faking security.
The email is send in the name of “Zigaretten GmbH” and the subject line – among others – is
“Rauchen ist jetzt billiger ab 1 Euro”. The text just lies when it says something like: “your personal archive password is: angebot”
We would suggest to temporarily block mails that come with an attachment named for example “Angebot.rar”, “Ausverkauf.rar” or “Preis.rar” and From display name is “Zigaretten GmbH”, if you run security solutions like IMSS. As usual, don’t open any attachments from untrusted sources or sources you simply don’t know.
Share this article