Malicious PDF spam with Sality virus

Malicious spammers will try every approach they can think of to make you open the attachments included in emails.

Sophos warns that a malicious email containing the following text has been dropped into inboxes around the world:

Hey man..
Remember all those long distance phone calls we made.
Well I got my telephone bill and WOW.
Please help me and look at the bill see which calls where yours ok..

You surely don’t remember such an occurrence or the sender of the email, since this is just a ploy to make you open the PhoneCalls.pdf attachment, but don’t let your innate curiosity get the better of you.

The attached file is crafted in such a way that it can exploit a vulnerability in how Adobe Reader handles TIFF images, and proceeds to download and execute a Trojan that loads the Sality virus into your system’s memory. The virus then proceeds to append its encrypted code to executable files, deploys a rootkit and kills anti-virus applications.

Having an up-to-date version of Acrobat Reader and of an anti-virus solution installed can help detect this threat, but teaching yourself to detect suspicious emails such as this one is also a great idea.

Just remember that opening documents attached to unsolicited emails is like the online equivalent of Russian roulette – the odds are stacked heavily against you.




Share this