If you get an email saying that nude pictures of you and/or of your girlfriend have been leaked on the Internet, don’t open the attachment.
The same goes for attachments in emails claiming that you have broken into the email account of the sender and that a criminal investigation in the matter is ongoing.
According to Sophos, a barrage of spammy emails sporting a variety of similar subject lines and containing similar claims has been hitting users’ inboxes in the last few days. The emails threaten to report the user, offer help in tracking down “the bastard who did it”, or ask for an explanation – and all urge the user to check out the contents of the attached Photo.zip file.
Unfortunately for those who aren’t able to resist their own curiosity or are easily swayed by empty threats, the attached file contains a Zeus/Zbot Trojan variant which, once run, will promptly be installed on the victim’s computer and start logging confidential information and online credentials.
As many times before, users are advised to never download attachments contained in unsolicited emails, and to be especially wary of emails that evoke an immediate and strong emotional reaction – even when they seem to be coming from friends.