Bogus Vodafone MMS Messages Spammed to Internauts
Internauts are urged to be vigilant about e-mails posing as messages from Vodafone, the telecom company. The e-mails trick recipients into believing that a Multimedia Messaging Service (MMS) message has been sent to them. Softpedia.com published this on November 6, 2012.
The e-mails, which carry the caption "You have received a new message," tell recipients that they have received a picture via MMS from the cell-phone number +447503087109. They then state that the picture can be saved, for which the recipient needs to save a given file attachment.
The file, which looks like an innocuous zipped folder, in reality carries an executable labeled "Vodafone_MMS.jpg.exe."
If the person receiving the e-mail and its attachment doesn't have his operating system configured to display file extensions, the file may appear to be an authentic image file. In fact, it is malware.
Earlier versions of the malware, which Kaspersky detects as Trojan-Downloader.Win32.Andromeda.coh, were spread through bogus Facebook e-mails notifying the recipient of a new photo from his friends that had been posted to his album.
Cunningly, the malware-laced e-mails, as The H Security outlines, aren't crafted to target Internet users of just one particular country.
Thus, within the UK, the sender's ID is firstname.lastname@example.org, with the country code +44 prefixed to the mobile phone number, whereas within Germany, the e-mails have email@example.com as the sender's ID and +49 as the prefix.
Notably, on VirusTotal, the Trojan is presently being caught by merely 8 out of its 44 anti-virus engines.
When the file is analyzed within a sandbox, its sinister purposes become clear. Among other things, it copies itself to C:\Documents and Settings\All Users\svchost.exe, after which it hides itself inside 'SunJavaUpdateSched' and becomes active as soon as Windows starts up.
Therefore, security specialists advise users not to open attachments in unsolicited e-mails like the one above. To avoid inadvertently opening such file attachments and getting infected with malware, it's important that computer operators ensure their software displays full filenames, extensions included. Besides, users must keep their anti-malware software and other security software updated to the latest versions.
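The attachment trick described above, a zipped executable named Vodafone_MMS.jpg.exe that shows up as an image when extensions are hidden, can also be caught before a user ever sees it. The following is an added example, not code from the article or from any vendor mentioned in it: a check a mail filter could run over a zip attachment. The extension lists, function names and sample archive are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Illustrative lists chosen for this example, not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}


def suspicious_members(zip_bytes):
    """Return (member, shown_as) pairs for archive entries whose real
    extension is executable while the name, once the last extension is
    hidden, looks like a harmless document or picture."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Keep only the file name; Windows ignores trailing dots and spaces.
            base = PurePosixPath(info.filename.replace("\\", "/")).name.rstrip(". ")
            # Strip padding spaces sometimes placed before the real extension.
            suffixes = [s.strip().lower() for s in PurePosixPath(base).suffixes]
            if (len(suffixes) >= 2
                    and suffixes[-1] in EXECUTABLE_EXTS
                    and suffixes[-2] in DECOY_EXTS):
                # stem is the name a user sees when known extensions are hidden.
                findings.append((info.filename, PurePosixPath(base).stem))
    return findings


def build_sample_zip():
    """Constructed sample archive: placeholder bytes, only the names matter."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Vodafone_MMS.jpg.exe", b"placeholder, not an executable")
        zf.writestr("holiday.jpg", b"placeholder")
        zf.writestr("setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, shown in suspicious_members(build_sample_zip()):
        print(f"{member!r} would be displayed as {shown!r}")
```

The check deliberately leaves a plain setup.exe alone; whether to block every executable in an archive is a separate policy decision.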
» SPAMfighter News - 12-11-2012