New celebrity pictures Trojan horse spammed

It seems like weekends are good opportunities for spamming out Trojans. About two hours ago we started receiving samples of the Trojan horse we now detect with Sophos Anti-Virus as Troj/Agent-HAH. The attachment name always seems to be xjolie.zip but message subjects vary and include:

  • Something hot
  • Hot news
  • Paris Hilton
  • Hot pictures

Unfortunately I have not managed to make the Trojan to run successfully under our controlled environment. Every time launched the file causes an exception so I cannot give you more details about what it would do if it would run successfully. But that is not so important as long as you are protected.

Good news for Sophos PureMessage users is that they were protected by our anti-spam solution only a couple of minutes after the mass-spamming  started. I am very pleased that our SXL infrastructure allows us to react to new outbreaks so quickly. It makes me calmer during the file analysis since I know that our users are protected – so I can take just a little bit more time to make sure that the written detection will not miss something significant.