Over the past couple of hours we have seen a new mass-spamming of a downloader Trojan (added as Troj/Dloadr-BCP) masquerading as pornographic pictures of various female celebrities.
The email messages contain a single ZIP attachment, of filename amazing.zip. Within the archive is a single executable, shocking.exe. When this file is run, victims are not rewarded with any images. Instead they have the pleasure of Troj/NTRootK-BY and Troj/Agent-FVT which are dropped to disk.
Given the obvious effort that has been put into obfuscating this Trojan (in order to evade AV detection), you might think the authors would come up with something more original than nude celebrities. Then again, if their formula works (just take a look at lists of top search-engine keywords) – why change?