Danger lurks in private dick's interesting photos

by Graham Cluley on March 2, 2009 | Comments Off

Filed Under: Malware, Spam

Have you received an email from someone claiming to be a private detective working on your behalf today? Well, don't click on the attachment.

Private detective email

We've intercepted a malicious campaign that has been spammed out in the form of emails claiming to come from a private detective who has found some "interesting photos" proving "evidence of your suspicions".

Of course, this is all a ruse to get you to open the attached file called DC07 (No Comments).zip

Inside the ZIP, however, you won't find proof that your husband has been philandering but the Troj/Agent-JBR Trojan horse.

As you can see in the screenshot of the email above, this isn't the most convincing confidence trick ever conceived with apparent evidence that the hackers failed to merge in the user's name properly ("#TO_NAME" indeed!"), but who knows if they might get more competent in the future.

And it wouldn't be surprising if some people do let curiousity get the better of them, and open the attachment without thinking of the dangerous consequences.

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.