Today I received a couple of near identical emails in Portuguese that differed only by the (forged) sender address:
From: “Fernanda” <fernandinha@globo.com.br>
To: <joewein@pobox.com>
Sent: Thursday, September 04, 2008 06:29
Subject: Por favor veja isso!!!Você acredita que essas coisas ainda acontecem no Brasil?
Eu não posso acreditar…
Se você quiser, assine e repassse!
Tratamentos Desumanos.wmv (153,0 KB)
Google translation:
Subject: Please see that!!!
Do you believe that these things still happen in Brazil?
I can not believe …
If you want to, sign and pass on!
Inhumane Treatment.wmv (153.0 KB)
The link to what looks like a Windows movie file will try to run a malware installer.
The link in one of the emails goes to http://ceubba.org.ar/chat/data/web/~/anexo/video.wmv
, which is actually a directory created by the malware senders on a hacked website. For any directory, the browser resends the request with index.html, index.htm and a few other typical default document names. The criminals named their Windows malwale index.html and placed it into that folder. Because the file starts with an executable program header, Windows will try to run it, rather than using the Windows media player to play it as a video.
Be very careful when clicking on links or attachments in unexpected mail sent to you. Use common sense or a good anti-malware program, ideally both!