Infected faked IDF Email message

On March 6, faked email message was sent to different recipients in Israel, pretend to be from Israel Defense Force (IDF) origin, with the sender address idf.jets@gmail.com.

The subject of the message was “jest: Israel warns soldiers of abduction” and the email itself contained no message but an attached file (RAR type) named “Israel warns soldiers of abduction“, and the text “IDF Online” at the bottom of the message  alongside with a link to IDF official Facebook page ((http://www.facebook.com/idfonline).

Several minutes after the arrival of this email message, an automatic Google notification warned the recipient of potential suspicious attachment included in the previous one.

Short examination of the attached file revealed the zipped file contained short video clip infected with a Malware which can be harmful to Windows 8 system file name “smslisto.exe”

This incident is not the first attempt to infiltrate malwares using fake IDF email messages and addresses;

On late October 2012, Email messages with similar characteristics were sent to recipients in Israel. The Email message sent from Gmail address allegedly of Benny Gatz, IDF Chief of Staff, with the subject “IDF strikes militants in Gaza Strip following rocket barrage“. Once again the message contained an infected RAR file, named “Report & Photos”.

The same method was used two weeks later by using email messages from a Gmail address (probably authenticated and activated one) of IDF spokesperson (Idfspox@gmail.com). Here also the infected attached file was RAR type and named “Report”.

This post is also available in: עברית