Don’t save that date – bogus wedding invitations are latest spam trend but also deja vu

[Edited 3/29/13 to add VirusRadar map and more source links.]

“Wedding Invitation” is exactly the sort of subject line that might tempt unwary PC users into opening an email, even if it arrives by surprise. No surprise then that the fake wedding invite has re-emerged as an infection path, as recently noted by the good folks at ThreatTrack Security.

The bad guys have made previous forays into this area, as noted by Cisco last October, and wedding invites were one tactic employed to recruit PCs into the Bredolab botnet. (Coincidentally, Bredolab is often cited as a success story for law enforcement since the man behind it was jailed last year.)

The malicious emails seen lately are formatted to look like invitations, and have text headed with subjects like and messages such as, “You are cordially invited to celebrate our wedding.” There are no personal details in the email, and the link to find out more downloads malware. Several emails of this sort have been reported distributing a link to a Trojan, disguised as a Word document, and detected by ESET as a variant of Win32/Kryptik.ASKV. You can see recent activity on this threat map from ESET VirusRadar:

Map of Trojan kryptik

Once installed, the Trojan attempts to contact remote websites to download and execute other files – reportedly including bogus antivirus packages. While a legitimate antivirus product that is properly installed and kept up-to-date will help to protect against such threats, it’s always advisable to also exercise caution when opening attachments or clicking links in emails, particularly when they are inviting you to weddings of which you were not aware.

We all love a good wedding, and Easter is a big time for weddings, just don’t get carried away!

Author , We Live Security

  • fireengineman

    well it is a real virus alright as i got it. cannot believe I was sucked in. managed to stop it but it still in pc it sends info to a server which in turn sends links back to malicious websites. disconnected lan cable right away until i found a way to stop it sending through internet explorer/bing bar /chrome all 3 being used. any one have any ideas on this

  • flowforth

    I opened this today and accidentally installed the “” file. I know better than to open a .exe file, but it was early. My Norton kept it under control while i did a system restore to a newly created restore point from the same day (triggered by a windows 7 update). No problems after that. Tricky part is that the email and file listed my town in the title.

Follow us

Copyright © 2017 ESET, All Rights Reserved.