
Malicious Men's Health, Military E-mails Deliver Malware


Kaspersky Lab researchers recently came across a series of targeted attacks being sent via a domain registered in Shanghai.

The document titles either refer to articles from Men's Health magazine, cover military issues, or have Cyrillic file names. Open them, and you'll be shown a text document that covers the information promised in the title, while malware is installed in the background.

"When the exploit runs it creates and executes a file called wordupgrade.exe," writes Kaspersky Lab's Ben Godwood. "This executable drops a DLL called usrsvpla.dll into the system32 directory and modifies the WmdmPmSN (Portable Media Serial Number Service) registry key to load the DLL into svchost.exe. ... The malware installed by these documents is a variant of Enfal/Lurid. We are detecting wordupgrade.exe as Trojan-Dropper.Win32.Datcaen.d and usrsvpla.dll as Trojan.Win32.Zapchast.affv."

Godwood notes that the malware itself isn't particularly new -- as Trend Micro notes, the Enfal malware dates back to 2006 -- but he advises caution when viewing attachments related to any of the above topics.
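The persistence step Godwood describes (a service's DLL entry repointed so that svchost.exe loads usrsvpla.dll) can be checked offline against a registry export. The following is an added example, not code from Kaspersky Lab or this article: it parses a regedit-style export and flags any service whose ServiceDll file name matches the one reported above. It assumes the standard Windows layout `Services\<name>\Parameters\ServiceDll`, which the article does not spell out; the sample export, `ExampleSvc` and `example.dll` are constructed.

```python
import re

REPORTED_DLLS = {"usrsvpla.dll"}  # DLL name from the Kaspersky quote above

def decode_reg_value(raw):
    """Decode a .reg value: a quoted string, or hex(1)/hex(2) UTF-16LE bytes."""
    raw = raw.strip()
    if raw.startswith('"'):
        return raw.strip('"').replace("\\\\", "\\")
    m = re.match(r"hex\([12]\):(.*)", raw, re.S)
    if not m:
        return None
    data = bytes(int(b, 16) for b in m.group(1).replace(" ", "").split(",") if b)
    return data.decode("utf-16-le", errors="replace").rstrip("\x00")

def service_dlls(reg_text):
    """Yield (service, dll_path) for each Services\\<name>\\Parameters ServiceDll."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join regedit line continuations
    service = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            m = re.match(r"\[.*\\Services\\([^\\\]]+)\\Parameters\]$", line, re.I)
            service = m.group(1) if m else None
        elif service and line.lower().startswith('"servicedll"='):
            yield service, decode_reg_value(line.split("=", 1)[1])

def flag_reported(reg_text):
    """Return services whose ServiceDll file name is one the article reports."""
    hits = []
    for service, path in service_dlls(reg_text):
        name = (path or "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name in REPORTED_DLLS:
            hits.append((service, path))
    return hits

def _as_hex2(s):
    """Build constructed sample data the way regedit exports REG_EXPAND_SZ."""
    h = [f"{b:02x}" for b in (s + "\0").encode("utf-16-le")]
    return "hex(2):" + ",\\\n  ".join(",".join(h[i:i + 20]) for i in range(0, len(h), 20))

# Constructed sample export; ExampleSvc and example.dll are placeholders.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSN\Parameters]",
    '"ServiceDll"=' + _as_hex2(r"%SystemRoot%\system32\usrsvpla.dll"), "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters]",
    '"ServiceDll"=' + _as_hex2(r"%SystemRoot%\system32\example.dll"), "",
])

if __name__ == "__main__":
    for service, path in flag_reported(SAMPLE):
        print(f"{service}: ServiceDll -> {path}")
```

Exports written by regedit are UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `flag_reported`.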
