Beware “changlog” spam: It’s malware

If you receive any email with a subject line similar to “Re: Changlog 10.2011,” or something similar, delete it immediately: it’s malware. This isn’t a new one, it just seems to be going through a resurgence at the moment. Sophos identified it and wrote about it in February 2012:

Internet users are receiving emails claiming to contain a changelog – but the files attached are really designed to infect computers.

Here’s what a typical email looks like, although the precise wording can vary.

Subject: Re: Your Changelog

Message body:
Good day,
as promised chnglog attached (Open with Internet Explorer)

The subject lines and attachment names can also be different from email to email – here’s a small selection.

Make sure your anti-malware software is up to date and you should be OK. Just don’t click the link (but you already knew that, eh?)