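1. Introduction
Today we discovered malware spreading through e-mails with a variety of contents, including a message disguised as coming from the Apple Store, and are issuing this notice.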
2. Propagation path
The malware spreads through attachments to spam e-mails with a variety of contents.
Subject: acceptance letter & benefit summary
As discussed, attached is a copy of your acceptance letter and a copy of the ASPCA benefit summary for review. We will have the original acceptance letter here for you in the morning. Please ask for me at the front reception desk at around 9:15 a.m.
We are so excited to have you joining the HR team and the 'A'
See you tomorrow!
Summary of Benefits – New York.zip
Subject: Your receipt from Apple Store, Fifth Avenue
Thank you for shopping at the Apple Store.
Subject: Your Quote from AA Getaway Coaches
Thank you for choosing AA Getaway Coaches. Your Quote is attached. If you decide to travel with us, please sign and fax back to our offices the Reservation Request Form as soon as possible to reserve your vehicles.
Pay Online with PayPal. Fax your signed Reservation Request From back to our offices at 718.982.5274, we will reserve your vehicles and send you an email containing instructions to make your payment online using PayPal – safely and securely.
The attached documents are in PDF format and require a compatible PDF viewer such as Adobe Reader.
Subject: Angel Awards
Human Resources Coordinator
520 8th Avenue, 7th Floor
New York, NY 10018
P: 864-870-1106, ext. 48187
The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof.
List for Printing – 1st and 2nd Qtrs.zip
Subject: NYCEDC Employment Application
It was nice talking with you yesterday. Attached is the NYCEDC Employment Application. It's an interactive PDF form so you should be able to type directly into it. If you could bring a completed copy with you to the interview, that would be great. Please let me know if you have any questions.
I cleaned up the formatting of the resume and will review the content at some point today. Save this as your latest version and I'll talk to you later.
Marcelino Estrada Resume.zip
It was a pleasure to meet you last night, and thank you ! As per our conversation, please find attached a preliminary proposal, including various prix fixe menus and a credit card authorization form. Also attached is our current wine list, in case you would like to pre-select any wine for this event. Please let me know if you have any questions, as it would be my pleasure to assist you.
Thanks and best,
52 E 41st Street
New York, NY 10017
Please remember the environment before printing this email. P
This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you.
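The attachments are all the same file under different names. After extracting the archive, you will see the icon shown below.
[Figure] Icon used by the malware
[Figure] Fake antivirus installed by the malware
[Figure] Fake antivirus tray icon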
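Because the attachments are one file sent under different names, a mail gateway or mailbox sweep can group ZIP attachments by the hash of their contents instead of by filename or subject. The following is an added example, not part of the original advisory: the function names, the placeholder payload, the third sample message and the pairing of subjects with attachment names are constructed assumptions.

```python
import hashlib
import io
import zipfile
from collections import defaultdict
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_MEMBER = 50 * 1024 * 1024  # skip members declared larger than this
PAYLOAD = b"constructed placeholder payload, not malware"

def payload_digests(raw_zip):
    """SHA-256 of each file inside a ZIP attachment; empty set if unreadable."""
    try:
        with zipfile.ZipFile(io.BytesIO(raw_zip)) as zf:
            return {hashlib.sha256(zf.read(i)).hexdigest() for i in zf.infolist()
                    if not i.is_dir() and i.file_size <= MAX_MEMBER}
    except (zipfile.BadZipFile, RuntimeError):  # corrupt or password-protected
        return set()

def find_renamed_payloads(raw_messages):
    """Return {digest: {(subject, attachment name)}} for payloads seen under 2+ names."""
    seen = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_bytes(raw, policy=policy.default)
        for part in msg.walk():
            name = part.get_filename() or ""
            if name.lower().endswith(".zip"):
                for digest in payload_digests(part.get_payload(decode=True) or b""):
                    seen[digest].add((str(msg.get("Subject", "")), name))
    return {d: hits for d, hits in seen.items() if len({n for _, n in hits}) > 1}

def constructed_message(subject, zip_name, member, data):
    """Build a constructed sample e-mail carrying one ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, data)
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()

SAMPLES = [  # constructed messages; subjects and attachment names taken from the advisory
    constructed_message("acceptance letter & benefit summary", "Summary of Benefits – New York.zip", "sample.bin", PAYLOAD),
    constructed_message("Angel Awards", "List for Printing – 1st and 2nd Qtrs.zip", "sample.bin", PAYLOAD),
    constructed_message("constructed: weekly report", "report.zip", "report.txt", b"unrelated constructed content"),
]
if __name__ == "__main__":
    print(find_renamed_payloads(SAMPLES))
```

Hashing the archive members rather than the ZIP itself keeps the match stable when the same payload is re-zipped with different timestamps or archive names.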
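3. Response status
V3 products currently detect this malware under the temporary detection name shown below. We will update the information below once an official detection name is assigned.
[Table] V3 product detection names for this malware
Users should always keep the following in mind to guard in advance against malware delivered as e-mail attachments.
1. If the sender of an e-mail is unclear, avoid opening the message wherever possible.
2. Install an antivirus program, keep its engine up to date at all times, and use its real-time monitoring feature.
3. Scan any attachment included in an e-mail with an antivirus program before opening it.
4. Avoid visiting URLs included in the body of an e-mail wherever possible.
[Table] Safety rules for reading e-mail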