Windows users warned over spammed-out gadget malware attack

By | May 20, 2014

 


Windows users are at risk of having their computers infected, after a malware attack posing as an “important company update” was spammed out.

The emails use forged headers to pretend to come from the same domain as your email address (in other words, if your address is fred@example.com, the email will purport to have been sent from Administrator@example.com), and they have one unusual trick up their sleeve.

Rather than the malicious file being a plain executable, or a booby-trapped Word or PDF document, the malware is attached as a .gadget file.

If you haven’t heard of gadgets before, they’re the mini-programs that can run in the Windows sidebar. Often they might provide you with a number of functions, such as a desktop clock, an RSS feed or the latest weather report.

Here is what a typical email sent in the malware campaign looks like:

 

Subject:

IMPORTANT – Internal Use only

Attached file:

internal_use_only.gadget

Message body:

Important Company Update

*********************************

Please read carefully the attached document

**********************************

CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.
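
As an added illustration (not part of the original article), the two traits described above, a .gadget attachment and a From domain that matches the recipient's own domain, can be checked during mail triage. The function names and the sample message below are constructed for this example.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the campaign described above.
# The attachment body is a harmless placeholder, not a real gadget.
SAMPLE = b"""\
From: Administrator <Administrator@example.com>
To: fred@example.com
Subject: IMPORTANT - Internal Use only
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Important Company Update
--b1
Content-Type: application/octet-stream; name="internal_use_only.gadget"
Content-Disposition: attachment; filename="internal_use_only.gadget"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--b1--
"""

BLOCKED_EXTENSIONS = (".gadget",)  # hypothetical gateway blocklist

def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/To header."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def inspect_message(raw_bytes):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        # Windows ignores trailing dots and spaces in file names, so strip them.
        name = (part.get_filename() or "").strip().lower().rstrip(". ")
        if name.endswith(BLOCKED_EXTENSIONS):
            findings.append("blocked-attachment:" + name)
    # Only a useful signal for mail that arrived from outside the organisation.
    sender, rcpt = domain_of(msg["From"]), domain_of(msg["To"])
    if sender and sender == rcpt:
        findings.append("from-domain-matches-recipient:" + sender)
    return findings
```
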