The junk emails have subjects such as “Naked Shakira Clip” and include a link with the text “Download and Watch.”
If the user clicks the link, she will actually download a copy of the Agent.IMB trojan, which copies itself to the system under the name CbEvtSvc.exe. It then creates a service with the same name to run whenever the system is started up.
“We believe the trojan is identity theft malware,” Ryan Sherstobitoff, chief corporate evangelist of Panda Security told SCMagazineUS.com on Friday. “The trojan will steal passwords, banking logins and other private information. It's a trend toward financial fraud.”
This is another mechanism of social engineering, Sherstobitoff added.
“They entice the users to open up the email by putting in very compelling language to get a higher click rate to open it,” he said.
Sherstobitoff said he expected to see a variance of this email in the coming days. Two to three percent of the people who receive the email are clicking on the malicious link, enough to encourage more, similar spam.
“The scary part of this type of spam is if it [causes machines to become] part of a botnet,” Sherstobitoff said. “That's a trend we're seeing, too. Spammers are using popular topics people might be interested in and exploiting it, and turning personal computers into bots.”
The main message Sherstobitoff stressed is that more cybercriminals are using things people are interested in, like celebrities, to get them to open and activate malicious code.
“People know better,” he said, “but they'll click on these links because they want the shocking gossip.”