[Edited 3/29/13 to add VirusRadar map and more source links.]

“Wedding Invitation” is exactly the sort of subject line that might tempt unwary PC users into opening an email, even if it arrives by surprise. No surprise then that the fake wedding invite has re-emerged as an infection path, as recently noted by the good folks at ThreatTrack Security.

The bad guys have made previous forays into this area, as noted by Cisco last October, and wedding invites were one tactic employed to recruit PCs into the Bredolab botnet. (Coincidentally, Bredolab is often cited as a success story for law enforcement since the man behind it was jailed last year.)

The malicious emails seen lately are formatted to look like invitations, and have text headed with subjects like and messages such as, “You are cordially invited to celebrate our wedding.” There are no personal details in the email, and the link to find out more downloads malware. Several emails of this sort have been reported distributing a link to a Trojan, disguised as a Word document, and detected by ESET as a variant of Win32/Kryptik.ASKV. You can see recent activity on this threat map from ESET VirusRadar:

[Image: Map of Trojan Kryptik]

Once installed, the Trojan attempts to contact remote websites to download and execute other files - reportedly including bogus antivirus packages. While a legitimate antivirus product that is properly installed and kept up-to-date will help to protect against such threats, it’s always advisable to also exercise caution when opening attachments or clicking links in emails, particularly when they are inviting you to weddings of which you were not aware.

We all love a good wedding, and Easter is a big time for weddings; just don't get carried away!