When Cupid brings malware instead of love

We have started to see in Germany a massive spam campaign that spreads malware in form of a classical “russian bride” spam.


Written in a more than questionable German language, the emails contains confusing sources. The From field mentions a name, the author of the email is another one and the contact email address in the email is a completely different one. Looks like the girl looking for a German husband has some kind of personality disorder. 🙂

Leaving the jokes aside, despite all these clear signs of fraud, the Russian girl sends a link to a file that is supposed to be a photo of herself .


You did notice the filename photo.jpg_______.exe, right ?

This method of spreading malware using a double extension is as old as the malware business itself. It made us remember the old MS-DOS viruses that were having double extensions?


At the moment of writing this post only 7 antivirus software out of 46 included in the Virustotal.com website detected the file as malicious.

All Avira products detect the various files included in these emails as  TR/Injector.EB.64 and  TR/Cridex.EB.71.

We remind all our readers again: never click on links sent in spam emails and never execute files that you receive in emails or you download from suspicious sources.


Sorin Mustaca

IT Security Expert