Windows users warned over spammed-out gadget malware attack




Windows users are at risk of having their computers infected, after a malware attack posing as an “important company update” was spammed out.

The emails, which use forged headers to pretend to come from the same domain as your email address (in other words, if you have an email of the email will purport to have been sent from have one unusual trick up their sleeve.

Rather than the malicious file being a plain executable, or a booby-trapped Word or PDF document, the malware is attached as a .gadget file.

If you haven’t heard of gadgets before, they’re the mini-programs that can run in the Windows sidebar. Often they might provide you with a number of functions, such as a desktop clock, an RSS feed or the latest weather report.

Here is what a typical email sent in the malware campaign looks like:



IMPORTANT – Internal Use only

Attached file:


Message body:

Important Company Update


Please read carefully the attached document


CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.