Defense contractor targeted with “sexy” spam carrying malware

Targeted spam campaigns take many forms and take advantage of a variety of natural human responses and feelings such as curiosity, fear, or lust.

The latest one spotted bets on the last of these: unsolicited emails containing sexy photos of a Japanese model began hitting the inboxes of employees of a defense contractor.

The photos are included in an archive file (sexpicture.rar), but unfortunately the archive also holds two malicious files, one of which is a downloader Trojan posing as a .doc file.

“Although the email appears to have come from the Taiwanese branch of Yahoo, the ‘from:’ address has been forged by whoever sent out the attack,” says Graham Cluley. “I’m also going to make the fairly safe assumption that Miss Shiratori is not aware of how her images are being abused.”

As always, users are urged to be extremely careful when handling unsolicited emails, and to never open files or links included in them.