ESET Ireland warns of an email, titled “Important – To all Employee’s”, which has an infected attachment that contains a trojan
The email has been observed to come from an Irish email address and targets other Irish email addresses. The title “Important – To all Employee’s” (spelling error included) prompts receivers to open an archived attachment titled Document.zip. Within the archive file is an executable file called Document_2520.exe, which, if clicked, infects the victim’s computer with malware that ESET detects as Win32/Kryptik.DJUM.
Win32/Kryptik is a generic detection of malicious obfuscated code within files in PE32 (Portable Executable, 32-bit) format, and it is most active in infecting computers in the UK and Ireland. This particular sample likely contains Win32/TrojanDownloader.Waski, observed since 2013, which downloads a range of additional malware to an infected computer. Basically, once you’ve got one, you’ll soon have many more.
Infections like these count on computer users opening anything they receive without thinking. ESET Ireland therefore recommends checking who an email is from before opening any attachments, to make sure the content is legitimate. Executable files (.exe) in particular should ring alarm bells when received, and should be checked by an antivirus scanner or simply deleted before they can deliver their malicious payload.
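The attachment check recommended above can be automated at a mail gateway or in a triage script. The following is an added example, not ESET's code: it opens ZIP attachments without extracting them and flags members that are PE files or carry an executable extension. The extension list, the function names and the harmless sample message are assumptions constructed for this illustration.

```python
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".com", ".pif")  # assumption: list chosen for this example

def is_pe(data: bytes) -> bool:
    """MZ header whose e_lfanew field (offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\0\0"

def scan_message(raw: bytes) -> list:
    """Return (attachment, member, reason) for each executable inside a ZIP attachment."""
    findings = []
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                name = (part.get_filename(), info.filename)
                if info.flag_bits & 0x1:  # encrypted member: contents cannot be checked
                    findings.append(name + ("encrypted, not inspected",))
                    continue
                with zf.open(info) as fh:  # read only the first 4 KiB, never extract to disk
                    head = fh.read(4096)
                if is_pe(head):
                    findings.append(name + ("PE header",))
                elif info.filename.lower().endswith(RISKY_EXT):
                    findings.append(name + ("executable extension",))
    return findings

def build_sample() -> bytes:
    """Constructed message: a harmless 68-byte stub holding only the MZ/PE signatures."""
    stub = b"MZ" + bytes(58) + (0x40).to_bytes(4, "little") + b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Document_2520.exe", stub)
        zf.writestr("notes.txt", "constructed sample text")
    msg = EmailMessage()
    msg["Subject"] = "Important – To all Employee’s"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Document.zip")
    return msg.as_bytes()
```

Checking the file header as well as the name means a PE file is still flagged when its extension has been changed, and encrypted archive members are reported because their contents cannot be inspected.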
by Urban Schrott, ESET Ireland