An email currently making the rounds on the net carries photo.zip as an attachment. The archive contains two files: photo.bmp (actually an executable file) and a batch file, View-Photo.bat, with one line in it: “photo.bmp”.
You might say that there is no danger in this, as Windows will check the extension of the file and will not execute it since the attachment is .bmp. Well, this is true if you just click the file photo.bmp and attempt to execute it. But what about the other file (View-Photo.bat)?
Windows CMD.EXE has a flaw where it executes an executable file without any warning, regardless of its extension. Yes, even if it has a .bmp extension, it will execute, and then you're screwed.
When View-Photo.bat is run, CMD.EXE will execute the file photo.bmp, so please take extra caution. Be on the lookout for these kinds of attachments. We currently have no sample of the email body, but the attachment alone should already be enough to put you on alert.
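
One way to screen for this pattern at a mail gateway or on a quarantined attachment, as an added example that is not part of the original post: the Python sketch below flags ZIP members that start with the "MZ" executable header but carry a non-executable extension, and any batch file in the same archive that names them. The function names, the extension lists and the sample archive are assumptions constructed for illustration; the sample holds only harmless placeholder bytes.

```python
import io
import zipfile

SCRIPT_EXTS = (".bat", ".cmd")
PE_EXTS = (".exe", ".dll", ".scr", ".com", ".sys")  # extensions expected on PE files


def scan_archive(data: bytes) -> list[str]:
    """Return findings for a ZIP archive supplied as raw bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
        disguised = []
        for name in names:
            with zf.open(name) as fh:
                magic = fh.read(2)
            # A real BMP starts with "BM"; "MZ" marks a DOS/PE executable.
            if magic == b"MZ" and not name.lower().endswith(PE_EXTS):
                disguised.append(name)
                findings.append(f"disguised executable: {name}")
        for name in names:
            if not name.lower().endswith(SCRIPT_EXTS):
                continue
            text = zf.read(name).decode("latin-1").lower()
            for target in disguised:
                base = target.rsplit("/", 1)[-1].lower()
                if base in text:
                    findings.append(f"script {name} launches {target}")
    return findings


def build_sample() -> bytes:
    """Constructed sample mirroring the attachment layout (inert bytes only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.bmp", b"MZ" + b"\x00" * 62)
        zf.writestr("View-Photo.bat", "photo.bmp\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    for line in scan_archive(build_sample()):
        print(line)
```

A genuine bitmap with the same file names produces no findings, so the check keys on the header mismatch rather than on the names photo.bmp or View-Photo.bat.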