Former Miss Croatia’s – Nina Moric – image abused

Today SophosLabs saw the image of the former Miss Croatia – Nina Moric – abused by malware. Nina isn’t the first celebrity to be abused by malware and won’t be the last.

Troj/Srizbi-A uses the image to mask its activities.

mxxxxxcom.jpg

The Trojan which we saw spammed out in Cyrillic spam:

lenochka.jpg

A translation from Bablefish (with some corrections):


Subject: Regards! Estimate my photo;))
Regards, you do remember me? ;))
In the archive my new photo as you requested.
http://mxxxxx.com/My_.foto.exe
Whole,
Your Lenochka

A couple of things should have alerted the unwary:

  • that the photo link was actually an EXE
  • the link was on a domain with a name associated with internet pornography

Blindly following links in email is a bad thing.