SophosLabs is intercepting a spammed-out malware campaign, pretending to be an email about a revealing photo posted online of the recipient.
The emails, which have a variety of subject lines and message bodies, arrive with an attached ZIP file (IMG0893.zip) which contains a Trojan horse.
Subject lines used in the spammed-out malware campaign include:
- RE:Check the attachment you have to react somehow to this picture
- FW:Check the attachment you have to react somehow to this picture
- RE:You HAVE to check this photo in attachment man
- RE:They killed your privacy man your photo is all over facebook! NAKED!
- RE:Why did you put this photo online?
The message bodies contained inside the email can also vary. Here are some examples:
- Hi there ,
I got to show you this picture in attachment. I can't tell who gave it to me sorry but this chick looks a lot like your ex-gf. But who's that dude??.
- Hi there ,
I have a question- have you seen this picture of yours in attachment?? Three facebook friends sent it to me today... why did you put it online? wouldn't it harm your job? what if parents see it? you must be way cooler than i thought about you man :)))).
- Excuse me,
But i really need to ask you - is it you at this picture in attachment? I can't tell you where I got this picture it doesn't actually matter... The question is is it really you???.
You can imagine how some people would react if they received a message like this in their email. Many might open the attachment out of curiousity (or even with trepidation that a private photo had leaked onto the internet!) and end up having their Windows computer infected as a result.
The Bredo Trojan is nothing new, and we regularly see variants of it spammed out widely across the internet using a variety of social engineering lures to trick users into opening the dangerous attachment.
Keep your wits about you, and your anti-virus up-to-date, and you should have little to fear.