New Spam Technique: .CPL File Use

Email remains the primary means of business communication, so cybercriminals and attackers often use it to infiltrate corporate networks. According to one study, the majority of organizations and large enterprises use corporate email accounts to send and receive confidential data.

As early as September 2013, we saw a rise in spam with malicious Control Panel (.CPL) files as attachments. In the past, spammers typically used .ZIP or .RAR files as attachments. In one particular financial spam run, the malicious .RTF file attachment came with an embedded malicious .CPL file, which we detect as TROJ_CHEPRO.CPL. The .RTF file contained a clickable image that, when clicked, ran the malicious .CPL file.

Legitimate .CPL files, when clicked, execute applets found in the Windows Control Panel. That’s probably why cybercriminals use them more now to spread malware. Some CPL malware, like TROJ_CHEPRO.CPL, downloads data-stealing malware such as TSPY_BANCOS.CVH when executed. The latter gathers system-related information and text files, and monitors transactions on sites like PayPal, Facebook, Google, and Hotmail. As usual, the stolen data can be used in future attacks.

For this reason, we recommend blocking .CPL attachments on your email system.
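A filter that only looks at attachment names would miss the spam run described above, where the .CPL file was embedded inside an .RTF attachment. The sketch below is an added example, not code from the original post: it checks both the attachment name and any file names inside an RTF's hex-encoded `\objdata` blobs. The function names, sample file names, and the constructed test message are assumptions made for illustration, and the RTF handling is deliberately simplified.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

CPL_NAME = re.compile(rb"[\w .\-]+\.cpl", re.I)
# Hex payload that follows an RTF \objdata control word (simplified: no nested groups).
OBJDATA = re.compile(rb"\\objdata\b([^{}\\]*)", re.I)

def rtf_embedded_cpl(data: bytes) -> list[str]:
    """Return .cpl file names found inside hex-encoded \\objdata blobs of an RTF file."""
    names = set()
    for m in OBJDATA.finditer(data):
        digits = re.sub(rb"[^0-9A-Fa-f]", b"", m.group(1))
        blob = bytes.fromhex(digits[: len(digits) // 2 * 2].decode("ascii"))
        names.update(n.decode("latin-1").strip() for n in CPL_NAME.findall(blob))
    return sorted(names)

def cpl_findings(raw: bytes) -> list[str]:
    """List reasons to quarantine a raw message; an empty list means no .CPL was seen."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots and spaces, so strip them before comparing.
        if name.lower().rstrip(". ").endswith(".cpl"):
            findings.append(f"attachment: {name}")
        # Identify RTF by its magic bytes rather than by the declared name or type.
        if payload.lstrip().startswith(b"{\\rtf"):
            findings += [f"embedded in {name}: {n}" for n in rtf_embedded_cpl(payload)]
    return findings

def build_sample(filename: str, content: bytes) -> bytes:
    """Constructed test message (not a real sample) carrying one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Payment notice"
    msg.set_content("See attached.")
    msg.add_attachment(content, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

# Constructed RTF with an embedded object whose data names a .cpl file.
SAMPLE_RTF = (b"{\\rtf1{\\object\\objemb{\\*\\objdata "
              + b"\x02\x00statement.cpl\x00".hex().encode() + b"}}}")

if __name__ == "__main__":
    print(cpl_findings(build_sample("invoice.rtf", SAMPLE_RTF)))
    print(cpl_findings(build_sample("update.cpl", b"MZ")))
```

Real RTF documents can obfuscate `\objdata` content in ways this pattern does not handle, so treat a clean result as "nothing obvious", not as proof the attachment is safe.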


About SCB Enterprises
System Solutions and Integration
