Sexy photos from a sweet girl? Too risky!

by Graham Cluley on November 4, 2009 | Comments Off

Filed Under: Malware, Spam

If a sexy girl mistakenly sends you photos, you'd be a fool not to take a peek, right?

Wrong.

Malicious email

Here are the details of the email that we are catching in our spamtraps today:

Subject line: how are you? or hi
Message body:

Hi,
I will like to know you more better but I am not always on dating website if you trully want to get to know me more better like i do then get back to me through my email adress and tell me more about yourself there and also send me some more pics of you and i will do the same i hope to read from you soon so we can exchange more email and sexy photos. Take good care of yourself... and send me an email to my email adress I'll talk to you later.
Your sweet girl :)

ps: I send my sexy photo for you :*

Attached to the email is a file called photo.zip which, surprise surprise, contains a Trojan horse. In this case it's Troj/Dloadr-CWG.

As in the "Hi friend" email attack I blogged about earlier today, malicious campaigns like this only work because the hackers are able to successfully socially engineer unsuspecting users into opening the dangerous file.

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.