Sexy photos from a sweet girl? Too risky!

If a sexy girl mistakenly sends you photos, you’d be a fool not to take a peek, right?

Wrong.

Malicious email

Here are the details of the email that we are catching in our spamtraps today:

Subject line: how are you? or hi
Message body:

Hi,
I will like to know you more better but I am not always on dating website if you trully want to get to know me more better like i do then get back to me through my email adress and tell me more about yourself there and also send me some more pics of you and i will do the same i hope to read from you soon so we can exchange more email and sexy photos. Take good care of yourself... and send me an email to my email adress I'll talk to you later.
Your sweet girl 🙂

ps: I send my sexy photo for you :*

Attached to the email is a file called photo.zip which, surprise surprise, contains a Trojan horse. In this case it’s Troj/Dloadr-CWG.

As in the “Hi friend” email attack I blogged about earlier today, malicious campaigns like this only work because the hackers are able to successfully socially engineer unsuspecting users into opening the dangerous file.