A Sample of a Malicious ".GZ" Email Message
Attachment: BANK DETAILS_PDF.gz 372 KB
Subject: Re-Confirm The Attached Bank Details
Date: Mon 1/7/2019 4:52 AM
From: Razor Pajero
I am writing you from a different email because we received an email from one of your
colleague today stating that a change of BANK ACCOUNT for remittance of our subsequent invoice
payments. Please kindly re-confirm the attached bank details for clarity, so that we can update our
account department accordingly.
Kindly check & confirm immediately in a return mail.
YII HKNET INTERNATIONAL CO., LTD TAIWAN
Please feel free to write back Email or call us directly on our Mobile Number for any information or query. We look forward to your positive response.
****************** Disclaimer *************
This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Bharat Fritz Werner Limited has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment.
************* End of Disclaimer *************
PLEASE CONFIRM CHANGE OF BANK ACCOUNT
The .GZ compression format is similar to ZIP, the most popular file compression and archive format.
Cybercriminals usually store their malware in compressed files to help prevent antivirus software from detecting it. In other words, a compressed malicious email attachment may bypass the recipient's antivirus software.
What is a .GZ file?
GZ files are compressed files created using the gzip compression utility, which was initially created by two software developers to replace and improve on the compress utility in UNIX. This utility is most commonly used on UNIX and Linux systems.
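As an added example (not part of the original article), this Python code shows how a mail gateway or analyst could triage a .gz attachment such as "BANK DETAILS_PDF.gz" without opening it: it reads the original file name stored in the gzip header (RFC 1952) and classifies the decompressed content by its leading bytes, capping how much is decompressed. The function names, the inner name "invoice.exe" and the sample bytes are constructed for illustration; the article does not say what the real attachment contained.

```python
import gzip
import io
import struct
import zlib

GZIP_MAGIC = b"\x1f\x8b"
FEXTRA, FNAME = 0x04, 0x08   # header flag bits defined in RFC 1952
MAX_PEEK = 1 << 20           # decompress at most 1 MiB (decompression-bomb guard)

def gzip_original_name(data):
    """Return the original file name stored in the gzip header, or None."""
    if len(data) < 10 or data[:2] != GZIP_MAGIC:
        raise ValueError("not a gzip stream")
    flags, pos = data[3], 10             # fixed header is 10 bytes long
    if flags & FEXTRA:                   # skip the optional extra field
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if flags & FNAME:                    # NUL-terminated Latin-1 name
        end = data.index(b"\x00", pos)
        return data[pos:end].decode("latin-1")
    return None

def payload_kind(data):
    """Classify the decompressed content by its leading magic bytes."""
    d = zlib.decompressobj(wbits=31)     # 31 = expect a gzip wrapper
    head = d.decompress(data, MAX_PEEK)
    if head.startswith(b"MZ"):
        return "windows-executable"
    if head.startswith(b"%PDF-"):
        return "pdf"
    return "unknown"

def triage(attachment_name, data):
    """Flag executables, and payloads that contradict a 'pdf' attachment name."""
    inner = gzip_original_name(data)
    kind = payload_kind(data)
    claims_pdf = "pdf" in attachment_name.lower()
    mismatch = claims_pdf and kind != "pdf"
    return {"inner_name": inner, "kind": kind,
            "suspicious": kind == "windows-executable" or mismatch}

def make_sample(inner_name, payload):
    """Build a constructed gzip blob for the demo (not a real sample)."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as f:
        f.write(payload)
    return buf.getvalue()

if __name__ == "__main__":
    sample = make_sample("invoice.exe", b"MZ" + b"\x00" * 62)  # constructed bytes
    print(triage("BANK DETAILS_PDF.gz", sample))
```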