We have started to see a massive spam campaign in Germany that spreads malware in the form of a classic “Russian bride” spam.
Written in more than questionable German, the emails contain conflicting sender details. The From field mentions one name, the author of the email is another one, and the contact email address in the email is a completely different one. It looks like the girl looking for a German husband has some kind of personality disorder.
Leaving the jokes aside, despite all these clear signs of fraud, the Russian girl sends a link to a file that is supposed to be a photo of herself.
You did notice the filename photo.jpg_______.exe, right?
This method of spreading malware using a double extension is as old as the malware business itself. It reminded us of the old MS-DOS viruses that used double extensions.
At the time of writing this post, only 7 of the 46 antivirus products included on the Virustotal.com website detected the file as malicious.
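A mail or proxy filter can flag this naming trick before the file reaches a user. The check below is an added example, not Avira's detection logic; the extension lists, padding characters and function names are assumptions chosen for illustration.

```python
from typing import NamedTuple, Optional
from urllib.parse import unquote, urlsplit

# Assumed lists for this example; extend them to match local policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "txt"}
PADDING_CHARS = " _-.\t"  # filler used to push the real extension out of view


class Finding(NamedTuple):
    decoy: str    # harmless-looking extension shown to the user
    real: str     # extension the operating system acts on
    padding: int  # number of filler characters between the two


def check_name(name: str) -> Optional[Finding]:
    """Return a Finding if name hides an executable behind a decoy extension."""
    stem, dot, real = name.strip().rpartition(".")
    if not dot or real.lower() not in EXECUTABLE_EXTS:
        return None
    # Drop the filler run, then look for a document or image extension.
    trimmed = stem.rstrip(PADDING_CHARS)
    _, dot, decoy = trimmed.rpartition(".")
    if not dot or decoy.lower() not in DECOY_EXTS:
        return None
    return Finding(decoy.lower(), real.lower(), len(stem) - len(trimmed))


def check_link(link: str) -> Optional[Finding]:
    """Apply check_name to the last path segment of a URL or a bare filename."""
    path = unquote(urlsplit(link).path)  # decode %20 and similar padding
    return check_name(path.rsplit("/", 1)[-1])


if __name__ == "__main__":
    # Constructed samples; only the filename pattern comes from the post.
    samples = [
        "http://example.invalid/files/photo.jpg_______.exe",
        "http://example.invalid/files/photo.jpg%20%20%20.exe?id=1",
        "Invoice.PDF.scr",
        "photo.jpg",
        "setup.exe",
    ]
    for sample in samples:
        print(f"{sample!r:60} -> {check_link(sample)}")
```

A plain `setup.exe` is not flagged here because the check targets the disguise, not executables in general; blocking executable downloads outright is a separate policy decision.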
All Avira products detect the various files included in these emails as TR/Injector.EB.64 and TR/Cridex.EB.71.
We remind all our readers again: never click on links sent in spam emails, and never execute files that you receive in emails or download from suspicious sources.