JPG Malware Attachment Campaign Strikes Again

 Analysis by: Lizale Anne Payofelin

Spam messages with a malicious attachment disguised as a .JPG file have become rampant once again. However, the subject and body of the email still carry the same bogus claims that aim to lure unsuspecting users into clicking the image file. Below is a comparison of said spam messages from different months:

Spam with .JPG attachment sent in July 2018

Spam with .JPG attachment sent in September 2018

These kinds of spam emails can come either from a free webmail account or from a forged FROM sender. The common subject is centered on Windows 11, but the content of the message body may sometimes be about a different topic altogether. Meanwhile, the attachment is still presented as an image file: a .JPG file whose name is a series of random letters and numbers.

Composition of file in spam attachment

Composition of a normal .JPG file

Comparing the two images above, normal .JPG files have the marker FF D8 FF followed by JFIF in the file header, while the malicious file masquerading as a .JPG file has a file header akin to that of portable executable files.
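The header comparison above can be automated at the mail gateway or during triage. The following is an added example, not Trend Micro's code: it walks a message's attachments and reports any .jpg/.jpeg whose leading bytes are not the FF D8 FF marker. The function names and the sample message are constructed for illustration, and the MZ / PE\0\0 signature check comes from the PE file format, not from this page.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

JPEG_SOI = b"\xff\xd8\xff"  # marker the article cites for normal .JPG files

def sniff(data: bytes) -> str:
    """Classify content by its header bytes, ignoring the file name."""
    if data[:3] == JPEG_SOI:
        return "jpeg"
    # PE files begin with the DOS signature "MZ"; the 32-bit value at
    # offset 0x3C points to the "PE\0\0" signature.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"
        return "mz-stub"
    return "unknown"

def mismatched_jpgs(raw_message: bytes):
    """Return (filename, detected_type) for .jpg/.jpeg attachments that are not JPEG."""
    findings = []
    for part in message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if not name or not name.lower().endswith((".jpg", ".jpeg")):
            continue
        kind = sniff(part.get_payload(decode=True) or b"")
        if kind != "jpeg":
            findings.append((name, kind))
    return findings

def build_sample() -> bytes:
    """Constructed message: one JPEG header and one minimal PE header, both named .jpg."""
    pe = bytearray(0x48)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)   # e_lfanew -> 0x40
    pe[0x40:0x44] = b"PE\x00\x00"
    jpeg = JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + bytes(16)
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(jpeg, maintype="image", subtype="jpeg", filename="photo.jpg")
    msg.add_attachment(bytes(pe), maintype="image", subtype="jpeg", filename="a1b2c3d4.JPG")
    return msg.as_bytes()

if __name__ == "__main__":
    print(mismatched_jpgs(build_sample()))
```

The check deliberately ignores the declared Content-Type as well as the extension, since both are sender-controlled.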


We highly recommend running an anti-malware product that is also capable of protecting against malicious attachments in email. Trend Micro products with anti-spam technology are protected from these bogus attachments.

 SPAM BLOCKING DATE / TIME: September 19, 2018 GMT-8
 TMASE INFO
  • ENGINE:8.0
  • PATTERN:24106