Return Of The Dorfs: A Christmas Special

Today spamtraps monitored by SophosLabs received samples of a malware campaign spammed out using the combination of the holiday season, and the promise of a “Personal Holiday Strip Show” in an attempt to infect computers. The format of the messages were very similar to previous malware campaigns we’ve detected over the past 8-10 months:

Many varying subject lines, generic enough to entice recipients to view the message.

StripShow Subject Lines

The message body contained thousands of variations, with a greeting and single paragraph, all attempting to direct the user to the same specific website.



The website itself contained images of scantily clad women with a title of “Mrs. Claus Gone Wild”. The images and “Download for free now!” button both linked to an executable detected as W32/Dorf-AE


This is just yet another example of Malware writers/Spammers exploiting current world news or holidays, in an attempt to grow their “Botnets”.