IT security and control firm Sophos is urging computer users to think before opening unsolicited email attachments following the discovery of a widespread malicious spam campaign that claims to contain shocking indecent pictures of female celebrities Nicole Kidman, Milla Jovovich, Angelina Jolie and Natalie Portman.
By exploiting the global interest in these Hollywood stars, the e-mails attempt to get computer users to open an attached zip file. Within this is a program that, when run, launches both the NTRootK-BY rootkit and the Agent-FVT Trojan.
According to Sophos, the emails typically arrive with an attached file called amazing.zip or shocking.zip.
"These e-mails are masquerading as celebrity adult content, tempting the unwary into opening a file on their Windows computer, which will install a rootkit and download further malicious code from the Internet," says Brett Myroff, CEO of master Sophos distributor, NetXactics.
"This kind of social engineering trick is nothing new. However, that hasn't stopped it from being an effective way to fool many people into running code designed to allow hackers to break into computers."
Sophos has updated its anti-virus products to detect the malicious attachment as Troj/Dloadr-BCP.
Safe computing is the best defence. “That means not only running an up-to-date anti-virus, security patches and firewall – but also exercising caution over what programs you decide to run on your computer," says Myroff. "Always think twice before opening a file that unexpectedly arrives in your e-mail inbox."
Sophos experts note that this is not the first time that female celebrities have been used as bait in an attempt to trick innocent computer users into viral infection. The promise of glimpses of pin-ups like Paris Hilton, Britney Spears, Halle Berry, Avril Lavigne, Anna Kournikova, Julia Roberts, Jennifer Lopez, or the stars of 'Sex and the City' have previously been used to help viruses spread.
Sophos continues to recommend companies protect their desktops and servers with automatically updated protection against viruses, hackers, spyware, and spam.