This morning I received an innocent-looking email from Vodafone Australia informing me I had a picture/video message from an Australian mobile number. Nothing unusual there, as I'm located in the UK and friends and family are in OZ. However, the mobile number was unknown to me, and on checking the attached JPEG Zip file, it opens as an exe and invites you to run it.
Having just cleared out some redirection malware, I was not going to risk this one, so if you receive a message like this and don't recognise the number, DO NOT RUN IT.
In an attempt to find who had sent me the picture, I called the phone number; however, according to Voda, it is not connected.
Searching the web revealed two items relating to this:
The first identifies the virus as Trojan Gamarue. The second warns that the messages say that a picture message is in the attached "Vodafone_MMS.zip" file. However, once unzipped, it contains only an executable named "Vodafone_MMS.jpg.exe" that will install malware onto a victim's system when launched. According to VirusTotal, the malware is currently detected by just 8 of the 44 anti-virus programs used by the online virus scanner service.
An analysis of the file in a sandbox leaves no doubt about its malicious intentions: among other things, it copies itself to C:\Documents and Settings\All Users\svchost.exe and then hides itself under SunJavaUpdateSched to launch when Windows first boots.
Keep alert and keep safe!
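
With only 8 of 44 scanners detecting the file, the double extension "Vodafone_MMS.jpg.exe" is the more reliable signal. The following is an added example, not part of the original post: a check that lists executable members of a ZIP attachment without extracting anything. The extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed with harmless text.

```python
import io
import zipfile

# Extensions Windows will execute directly (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions a user expects to be harmless media or documents.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".mp4", ".3gp"}


def split_exts(name):
    """Return the last two extensions of a file name, lower-cased."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
    parts = base.split(".")
    last = "." + parts[-1] if len(parts) > 1 else ""
    prev = "." + parts[-2] if len(parts) > 2 else ""
    return prev, last


def suspicious_members(zip_bytes):
    """List archive members that are executables, noting decoy double extensions.

    Reads only the ZIP directory listing; nothing is extracted or run.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            prev, last = split_exts(info.filename)
            if last in EXECUTABLE_EXTS:
                reason = "double-extension" if prev in DECOY_EXTS else "executable"
                findings.append((info.filename, reason))
    return findings


def build_sample():
    """Constructed sample: a ZIP holding harmless text under the file name from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Vodafone_MMS.jpg.exe", b"constructed placeholder, not malware")
        zf.writestr("readme.txt", b"hello")
        zf.writestr("holiday.jpg", b"not a real image")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in suspicious_members(build_sample()):
        print(f"{reason}: {name}")
```

Windows hides known file extensions by default, which is why the file appears as a JPEG until it is opened; a filter like this at the mail gateway does not depend on what the recipient sees.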