ThreatTrack Security Warns of Malicious Wedding Invitations
The spam e-mails link to a Web site that delivers the Kuluoz Trojan.
ThreatTrack Security researchers recently came across a malicious spam campaign that claims to come from Prague's White Wedding Agency and copies the look and feel of the agency's Web site (h/t Softpedia).
The e-mail invites the recipient to a wedding, stating, "You are Cordially Invited to Celebrate the Our Wedding On Tuesday march the 29 at Four O'clock Followed by a Reception."
The spam e-mail ends by asking the recipient to click on a link to "Get Full Invitation Text." If you click on the link, you'll download a ZIP file that contains an executable file disguised as a Microsoft Word document. Open the executable, and a text file, Postal-Receipt-txt, will open to distract you while the malware launches in the background.
ThreatTrack identifies both the ZIP file and the executable as Trojan.Win32.Kuluoz.b.
"Kuluoz is capable of downloading other malicious software onto the infected system," writes ThreatTrack Security communications and research analyst Jovi Umawing. "This particular sample downloads a fake AV software, particularly WinWebSec."