Be careful opening bikini screensavers - malware hides inside

by Graham Cluley on January 2, 2013 | 4 Comments

Filed Under: Featured, Malware, Spam

Bikini. Image from ShutterstockCybercriminals have spammed out a malicious Trojan horse, via an email claiming to offer season's greetings and photographs of a woman wearing a bikini.

As many people return to their desks following the holiday break, there is a danger that they will find a dangerous email lurking inside their inbox alongside the regular mountain of spam.

In the following example, intercepted by SophosLabs, the malicious email claims to come from Selma. (Or is it Gretchen?)

Malicious email with bikini screensaver attached

Subject: HAPPY NEW YEAR

Ciao mia cara!
Come stai? Come promesso, ecco le mie foto bikini. Spero che sarà love it!
Questo è il mio umile dono per il nuovo anno! Ci vediamo più tardi :)
Il tuo amore Selma
01.01.2013 16:04:43

Here's another example, claiming to be a belated Christmas greeting:

Malicious email with bikini screensaver attached

Subject: Merry Christmas

Hello my dear!!!
How are you? As I promised, here's my bikini photos. I hope you will be love it!
This is my humble gift for Christmas! See you later :)
Your love Ciara
28.12.2012

Although the emails are written in different languages (in the above examples, Italian and then English) the message is the same - here are the photographs of me wearing a bikini that I promised you.

Attached to the emails is a file called Bikini.zip, which contains a suspicious Windows screensaver - Bikini.scr, which contains a variety of encrypted strings.

Of course, a screensaver (.SCR) file is executable - so running the program can put your computer at risk.

Sophos products are being updated to detect the malware as the Troj/Agent-ZMO Trojan horse, but my advice would be to always be careful opening bikini screensavers, especially when they arrive via unsolicited emails from people you don't know.

Bikini image from Shutterstock.

Tags: , , ,

You might like

Facebook friend added a new photo of you? Beware spammed-out malware attack Facebook friend added a new photo of you? Beware spammed-out malware attack
Malware attack poses as email from your office's HP scanner Malware attack spread as email from your office's HP scanner
French Facebook malicious emails Furtive French photos feign as Facebook, but it's a malware attack
christmas-beach-thumb I've just received a malicious Christmas card - in June!

4 Responses to Be careful opening bikini screensavers - malware hides inside

  1. FM1337 · 786 days ago

    This proves hackers will never stop at anything to infect a user's computer.

    Reply
  2. Johan · 786 days ago

    Now if users would stop thinking of those 'bikini photos' for a second to notice all those grammar errors and the fact that the file is a `.scr`...

    Reply
  3. Jonah · 786 days ago

    "I hope you will be love it" Do hackers ever learn grammar?

    Reply
  4. Joe · 786 days ago

    Opening an executable from someone you don't know is a failure of your first line of security defense -- your brain is off line.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Cancel

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.