Malicious image spam entices users with soft porn

Share this article:

Hackers are taking advantage of image spam techniques and lusty minds to spread a new Trojan horse, experts at SophosLabs warned today.

A new spate of email messages are being sent to Australian users claiming to be from a woman visiting the country looking for a sex partner. Similar to most run-of-the-mill image spams the message contains no text, with the message completely embedded within an image. The missive embedded within the image entices users to visit a website to view her picture.

The referred website contains a soft porn image and Trojan horse payload containing Troj/Dloadr-AMA.

"This malware attack is particularly interesting because it borrows techniques commonly used by spammers," said Graham Cluley, senior technology consultant at Sophos. "The image in the email contains random noise to sidestep signature-based detection - a technique normally seen in medical or stock spam campaigns. Also, the subject matter is similar to 'pretty girl' spam campaigns that we see - but normally they send text spam rather than image spam, and urge the recipient to reply via email rather than visit a website."

According to IT security researchers at numerous companies, image spam has more than doubled in the past several months.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Researchers observe more than a hundred connections to 'Backoff' sinkhole

Researchers with Kaspersky Lab were able to sinkhole two command-and-control servers used by certain Backoff point-of-sale malware samples.

Judge lifts stay but Microsoft won't hand over emails during appeal

A judge has lifted a suspension of a previous order compelling Microsoft to hand over customer emails stored on a server in Ireland.

Home Depot investigates possible payment card breach

Home Depot investigates possible payment card breach

Home Depot said on Tuesday that it is working with its banking partners and law enforcement to investigate a possible data breach.