Nude celebrity photos used in new mass spamming campaign

Filed Under: Malware, SophosLabs, Spam

Over the past couple of hours we have seen a new mass-spamming of a downloader Trojan (added as Troj/Dloadr-BCP) masquerading as pornographic pictures of various female celebrities.

[Screenshot of email message]

[Screenshot of email message]

The email messages contain a single ZIP attachment, of filename Within the archive is a single executable, shocking.exe. When this file is run, victims are not rewarded with any images. Instead they have the pleasure of Troj/NTRootK-BY and Troj/Agent-FVT which are dropped to disk.

Given the obvious effort that has been put into obfuscating this Trojan (in order to evade AV detection), you might think the authors would come up with something more original than nude celebrities. Then again, if their formula works (just take a look at lists of top search-engine keywords) - why change?

You might like