Browse archive

Latest news

Targeted data stealing attacks using fake attachments

A look into the EC Council hack

New Mac spyware signed with legitimate Apple Developer ID

Ransomware adds password stealing to its arsenal

"Get free followers" scam targets Instagram users

Thoughts on the need for anonymity

Four LulzSec hackers handed prison sentences

The New Yorker launches anonymous dead-drop tool

Researchers reveal OpUSA attackers' MO

Info-stealing Dorkbot worm spreading on Facebook

Review: The Hacker's Guide to OS X

Private messages of Bloomberg clients end up online

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

Spammers bait users with "stolen nude photos", deliver malware

Posted on 25.06.2012

If you get an email saying that nude pictures of you and/or of your girlfriend have been leaked on the Internet, don't open the attachment.

The same goes for attachments in emails claiming that you have broken into the email account of the sender and that a criminal investigation in the matter is ongoing.

According to Sophos, a barrage of spammy emails sporting a variety of similar subject lines and containing similar claims has been hitting users' inboxes in the last few days, threatening with reporting, offering help on tracking down "the bastard who did it", or asking for an explanation - and all urging the user to check out the contents in the attached Photo.zip file.

Unfortunately for those who aren't able to resist their own curiosity or are easily swayed by empty threats, the attached file contains a Zeus/Zbot Trojan variant which, once run, will promptly be installed on the victims' computer and start logging confidential information and online credentials.

As many times before, users are advised to never download attachments contained in unsolicited emails, and to be especially wary of emails that evoke an immediate and strong emotional reaction - even when they seem to be coming from friends.