Sophos is warning of a widespread spam campaign that attempts to fool computer users into downloading a spyware Trojan horse. The emails, which contain phrases such as ‘hot photos from my birthday’, purport to link users to adult online content, when in fact the links lead to a website hosting the Pushu-A Trojan horse, which attempts to steal information from the owners of infected PCs.
According to Sophos, visitors to the website are encouraged to download what they believe will be a selection of hardcore adult photographs in an archive file – in reality the file is a malicious executable called xxx.exe or foto.exe. When investigating one website hosting the malware, experts at SophosLabs also discovered a peculiar photograph of two US comedians, Lewis Black and Dave Attell, which is apparently unrelated to either the spam emails or the malware itself.
“As with all messages offering salacious content, the danger is that some people may be so excited about the prospect of viewing the pictures that they’ll click before thinking about what might be in the best interests of their PC’s health,” said Graham Cluley, senior technology consultant at Sophos. “The comics in the photograph certainly add a strange twist, though it’s unlikely anyone will be laughing if their PCs are compromised by downloading Pushu.”
“The email spam campaign has been widely distributed, although thankfully we haven’t received many reports of users infected by the Trojan horse,” continued Cluley. “Those that visit the phoney adult websites risk throwing open their PCs for cybercriminals to steal information or carry out further online attacks. Thanks to its continued success rate, it seems likely that this type of illicit material will be used to tempt people into infection for some time to come.”