Spammed out “shocking photos” emails contain malicious payload

Sophos is urging computer users to think before opening unsolicited email attachments following the discovery of a widespread malicious spam campaign that claims to contain shocking indecent pictures of female celebrities Nicole Kidman, Milla Jovovich, Angelina Jolie and Natalie Portman.

By exploiting the global interest in these Hollywood stars, the emails attempt to get computer users to open an attached zip file. Within this is a program that, when run, launches both the NTRootK-BY rootkit and the Agent-FVT Trojan.

According to Sophos, the emails typically arrive with an attached file called amazing.zip or shocking.zip.

“These emails are masquerading as celebrity adult content, tempting the unwary into opening a file on their Windows computer which will install a rootkit and download further malicious code from the internet,” said Graham Cluley, senior technology consultant for Sophos. “This kind of social engineering trick is nothing new – it’s used so often by cybercriminals that it sometimes feels like it’s been around since the days of the silent movies. However, that hasn’t stopped it from being an effective way to fool many people into running code designed to allow hackers to break into computers.”