Nude celebrity photos used in new mass spamming campaign

Nude celebrity photos? Not so shocking.

Over the past couple of hours we have seen a new mass-spamming of a downloader Trojan (added as Troj/Dloadr-BCP) masquerading as pornographic pictures of various female celebrities.

[Screenshot of email message]

[Screenshot of email message]

The email messages contain a single ZIP attachment, of filename Within the archive is a single executable, shocking.exe. When this file is run, victims are not rewarded with any images. Instead they have the pleasure of Troj/NTRootK-BY and Troj/Agent-FVT, which are dropped to disk.
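A mail-gateway check for the delivery pattern described above (a ZIP attachment whose only member is an executable), as an added example that is not part of the original post. The function names, the extension list and the sample messages are assumptions constructed for illustration; only the member name shocking.exe comes from the post.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list for this example; tune to local policy.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")

def lone_executable_zips(raw_message: bytes):
    """Return (attachment name, member name) for each ZIP attachment whose
    only file is an executable, judged by extension or 'MZ' magic bytes."""
    hits = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [i for i in zf.infolist() if not i.is_dir()]
            if len(members) != 1:
                continue
            info = members[0]
            try:
                with zf.open(info) as fh:
                    magic = fh.read(2)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                magic = b""  # encrypted or damaged member: rely on the name
            if info.filename.lower().endswith(EXEC_EXTS) or magic == b"MZ":
                hits.append((part.get_filename(), info.filename))
    return hits

def build_sample(zip_name: str, member_name: str, member_bytes: bytes) -> bytes:
    """Build a constructed test message carrying one ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, member_bytes)
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    stub = b"MZ" + b"\x00" * 62  # constructed header stub, not a real program
    print(lone_executable_zips(build_sample("sample.zip", "shocking.exe", stub)))
```

The magic-byte test also flags an executable that has been given an image extension inside the archive, which a filename-only rule would miss.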

Given the obvious effort that has been put into obfuscating this Trojan (in order to evade AV detection), you might think the authors would come up with something more original than nude celebrities. Then again, if their formula works (just take a look at lists of top search-engine keywords) – why change?