Trojan horse tempts users with pictures of pop group t.A.T.u.
IT security firm Sophos has warned of a spyware Trojan horse offering pictures and intimate details about the personal lives of the infamous Russian pop group t.A.T.u. The Banito-BE Trojan horse has been spammed out to email users around the world in a message with the subject line ‘Photos of TATU’. It attempts to entice recipients into clicking on a malicious attachment purporting to contain photos and gossip about the controversial duo, who first sprang to fame in 2003.
The emails have three files attached: tatu_1.jpg and tatu_2.jpg are promotional images of the duo, but TATU.CHM is a malicious file. As well as offering an album of images of the notorious Eurovision entrants, it gives hackers access to the innocent user’s PC in order to spy, steal or cause havoc. According to Sophos, while many companies now block executable code at their email gateway, the infected file has the less well-known *.CHM extension, which may enable it to slip past some corporate defences.
Sophos notes that the discovery of the Trojan coincides with the release of a twenty-song t.A.T.u. retrospective earlier in October 2006, which has sparked renewed interest in the group, particularly in the US. In the past, celebrities such as Halle Berry, Anna Kournikova, Julia Roberts, Jennifer Lopez, Britney Spears and the stars of ‘Sex and the City’ have all been used to help malware spread.