Threat Research & Response Blog
The other day, while previewing messages in my inbox, I saw a conspicuous message with the following parameters, typos included:
The attached file is a ZIP archive that contains an executable file named "IMG04958.exe" (SHA1: 51dd01ab8f18bc5e7875526db241d4ea79c136e8), detected as Worm:Win32/Gamarue.E.
Scanning other messages, I noticed three additional spam campaigns using different subject lines and message body text:
The theme of the spam uses a type of social engineering that leverages the shock of allegation to trick the recipient into opening the attached file. If the recipient opens the attached file in an unprotected environment, this Win32/Gamarue variant will try to download other malware.
Gamarue also communicates with a command and control server on a bot network to perform actions against the infected computer.
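The lure described above rests on a simple structure: a ZIP attachment whose only payload is an executable wearing an image-style name. As an added example that is not part of the original post, the following Python script shows the kind of attachment check a mail gateway or triage script can apply before a user ever gets to "open the attached file". It walks a ZIP in memory, flags members with executable extensions or a PE (`MZ`) header, flags the image-like-name-on-executable-content pattern seen here, and compares each member's SHA1 against the hash given in the post. The sample archive it builds is constructed for the demonstration (a stand-in `IMG04958.exe` that starts with `MZ`, not the real Gamarue binary); all function names are the author's own assumptions.

```python
import hashlib
import io
import os
import zipfile

# SHA1 quoted in the post for the Gamarue sample named IMG04958.exe.
KNOWN_BAD_SHA1 = {"51dd01ab8f18bc5e7875526db241d4ea79c136e8"}

# Extensions Windows will happily execute when double-clicked.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}

# Filename prefixes commonly used to pass an executable off as a photo.
IMAGE_LIKE_PREFIXES = ("img", "dsc", "photo", "pic", "image")


def inspect_zip_attachment(data: bytes) -> list:
    """Return one finding per archive member that looks like a disguised
    executable or matches a known-bad hash. Each finding is a dict with
    the member name, its SHA1 and the list of reasons it was flagged."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            basename = os.path.basename(info.filename)
            stem, ext = os.path.splitext(basename.lower())
            content = zf.read(info)
            sha1 = hashlib.sha1(content).hexdigest()
            is_pe = content[:2] == b"MZ"  # DOS/PE header magic

            reasons = []
            if sha1 in KNOWN_BAD_SHA1:
                reasons.append("sha1 matches known Gamarue sample")
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable extension {ext}")
            if is_pe:
                reasons.append("PE header (MZ) present")
            if stem.startswith(IMAGE_LIKE_PREFIXES) and (ext in EXECUTABLE_EXTENSIONS or is_pe):
                reasons.append("image-like name on executable content")

            if reasons:
                findings.append({"member": info.filename, "sha1": sha1, "reasons": reasons})
    return findings


def is_suspicious(data: bytes) -> bool:
    """Convenience wrapper: True if any member of the ZIP was flagged."""
    return bool(inspect_zip_attachment(data))


def build_sample_zip() -> bytes:
    """Constructed test archive: a harmless stand-in for the spam attachment.
    The .exe member is NOT the real sample, just bytes that begin with MZ;
    the .jpg member is a benign decoy that must not be flagged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("IMG04958.exe", b"MZ" + b"\x00" * 62 + b"constructed stand-in, not a real binary")
        zf.writestr("IMG04958.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)  # JPEG magic
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample_zip()):
        print(finding["member"], finding["sha1"], "; ".join(finding["reasons"]))
```

The hash comparison is the narrowest signal (it only matches this one sample), so the structural checks carry the real weight: an executable extension or an `MZ` header inside a mail attachment is worth quarantining regardless of what the campaign calls the file this week.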
Our recommendation bears repeating: apply an "ointment" (that is, active security scanning) to help prevent "outbreaks".
-- Patrick Nolan, MMPC