Watch out! Scammers send mail resembling a picture sent from a smartphone


This post is over 5 years old, it may be out of date.

Early this week, many employees received an email with the subject “img”, with “Sent from my Lenovo” as its entire content, and with malware attached under a name like “IMG_0112201135_2015 JPEG.cab”. A “.cab” file is a compressed archive, similar to a zip file. Because people on Windows PCs usually do not see file extensions, this looks like a picture (JPEG) to them, but it is a “….JPEG.exe”. Double-clicking the fake picture infects the computer by executing the “.exe”.

Therefore C&CZ changed the MIMEDefang filter on the Science mail server to remove “.cab” attachments from mails, as has been done for years with other dangerous extensions like “.exe”.

When a user fell for this malware, all kinds of files were encrypted by the malware and the user was notified that a ransom had to be paid to decrypt the files. This could be fixed by reinstalling the PC and restoring a backup made before the encryption. As of today, this malware is also detected by F-Secure. Idea: change your Windows settings so that file extensions are not hidden.
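A filename check in the spirit of the filter change described above, as an added Python example; it is not C&CZ's MIMEDefang configuration, and the extension lists, function names and sample message are assumptions constructed for illustration. It flags blocked extensions and picture-like names that carry a different real extension, and returns the name a user sees when Windows hides extensions.

```python
import os
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed lists for this example; the post itself names only ".cab" and ".exe".
BLOCKED_EXT = {".cab", ".exe"}
PICTURE_EXT = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
# Stem ends in a picture word, e.g. "IMG_... JPEG" or "photo.jpg".
PICTURE_STEM = re.compile(r"(?:^|[ ._-])(?:jpe?g|png|gif|bmp)$", re.I)

def judge(filename):
    """Return (name shown when extensions are hidden, reasons to strip)."""
    stem, ext = os.path.splitext(filename.strip())
    ext = ext.lower()
    reasons = []
    if ext in BLOCKED_EXT:
        reasons.append("blocked extension " + ext)
    if ext and ext not in PICTURE_EXT and PICTURE_STEM.search(stem):
        reasons.append("picture-like name hides " + ext)
    return stem, reasons

def scan_message(raw):
    """Map each flagged attachment name to its judge() result."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = {}
    for part in msg.walk():  # walk() also reaches nested MIME parts
        name = part.get_filename()
        if name:
            shown, reasons = judge(name)
            if reasons:
                findings[name] = (shown, reasons)
    return findings

def sample_mail():
    """Constructed message modelled on the description in the post."""
    msg = EmailMessage()
    msg["Subject"] = "img"
    msg.set_content("Sent from my Lenovo")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="IMG_0112201135_2015 JPEG.cab")
    msg.add_attachment(b"constructed placeholder bytes", maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, (shown, reasons) in scan_message(sample_mail()).items():
        print(f"{name!r} (shown as {shown!r}): {'; '.join(reasons)}")
```

The check looks only at attachment names; it does not open the archive, so a renamed or nested container needs content inspection as well.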

16:22