

In the past few weeks, malicious spam campaigns have surfaced that include attachments of varying archive types. Whilst the archives were mostly in either ZIP or RAR format, they had one thing in common: each contained only a single CHM file.

One particular campaign, targeting approximately 2,500 users in Italy, claims to be from Fedlux, a logistics and transportation company, and part of the International Freight Forwarders Association of Italy. The email subject is a price list request, while the message body urges recipients to provide their best prices by opening the attachment.

Microsoft's compiled HTML help format was created sometime in 1997 as a compact solution for providing standalone help for applications. The content of a CHM file can be easily viewed thanks to the built-in support in Windows. As its name openly suggests, the format is based on standard HTML pages, along with all the benefits and potential pitfalls. The HTML structure alone is not particularly appealing for cybercriminals, but the ability to include JavaScript elements, just like in standard web pages, is.

The Italian spam campaign was one of those which used the RAR archive format. To trick some of the less prepared defenses, the attackers also picked the R01 file extension instead of the default RAR.
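A mail-gateway triage check for the two traits described above (RAR content under a non-RAR extension such as R01, and an archive holding a single CHM file), written as an added example that is not part of the original article. The function names, finding labels and sample file names are assumptions, and the sample attachments are constructed in the code.

```python
import io
import zipfile

# File signatures (magic bytes) checked instead of trusting the extension.
RAR_MAGIC = b"Rar!\x1a\x07"  # common prefix of RAR 4.x and 5.x headers
ZIP_MAGIC = b"PK\x03\x04"
CHM_MAGIC = b"ITSF"          # Microsoft compiled HTML help

def sniff(data):
    """Identify the container from its first bytes, ignoring the name."""
    for kind, magic in (("rar", RAR_MAGIC), ("zip", ZIP_MAGIC), ("chm", CHM_MAGIC)):
        if data.startswith(magic):
            return kind
    return "unknown"

def triage(filename, data):
    """Return triage findings (signals, not verdicts) for one attachment."""
    findings = []
    kind = sniff(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    # RAR content under another extension; old multi-volume sets also use
    # .r00/.r01, so this is a reason to unpack and inspect, not a verdict.
    if kind == "rar" and ext != "rar":
        findings.append("rar-content-named-." + ext)
    if kind == "chm":
        findings.append("bare-chm-attachment")
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                files = [m for m in zf.infolist() if not m.is_dir()]
                if len(files) == 1:
                    with zf.open(files[0]) as fh:  # read 4 bytes only
                        head = fh.read(4)
                    if head == CHM_MAGIC or files[0].filename.lower().endswith(".chm"):
                        findings.append("archive-with-single-chm")
        except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted
            findings.append("unreadable-zip")
    return findings

def constructed_samples():
    """Constructed inputs: a fake RAR header and a ZIP holding one CHM stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.chm", CHM_MAGIC + b"\x00" * 60)
    return {"request.r01": RAR_MAGIC + b"\x00" * 32, "request.zip": buf.getvalue()}

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, triage(name, blob))
```

Python's standard library cannot list RAR members, so the RAR branch only reports the extension mismatch; checking the contents of a RAR attachment requires a separate unpacker.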
