"My best photo ever!" Trojan horse spammed out via email

July 28, 2006 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a Trojan horse that has been spammed out to email addresses disguised as a digital photograph.

The Troj/Dloadr-AKX Trojan horse has been spammed out in email messages which have the following characteristics:

Subject line:

My best photos!
or
the best pictures of us. Just take a look, i'm excited!
or
Wanna see?
or
You've asked for pictures. See this.

Message body:

Hi, Honey

My best photo ever!

Xoxoxo

Attached file: photos.zip

Inside the ZIP file is another file called DSC00342.jpg <spaces>.exe.

The executable file is a Trojan horse designed to download further malicious code from the internet. It disguises itself as a JPG graphic by using a double extension and inserting multiple spaces into the filename, so that the final .exe extension is pushed out of view in file listings and the name appears to end in .jpg.
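The naming trick described above is straightforward to detect at the gateway, which is the kind of attachment filtering the release recommends later. The following is an added example and not Sophos's code: it builds a constructed ZIP archive in memory whose single member mimics the padded double-extension name (the member's bytes are a harmless placeholder, not the real Trojan), then inspects each member's true extension, the decoy-plus-padding pattern, and the file header. The extension lists and the 40-space padding are assumptions for illustration.

```python
import io
import re
import zipfile

# Constructed sample name in the style of the release: decoy .jpg, a run of
# spaces (40 here, an assumed count), then the real .exe extension.
PADDED_NAME = "DSC00342.jpg" + " " * 40 + ".exe"

# Assumed extension sets: what Windows will execute, and what is commonly used
# as the visible decoy in a double-extension name.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DOUBLE_EXT_RE = re.compile(
    r"\.(?P<decoy>jpe?g|gif|png|bmp|pdf|doc|txt)(?P<pad>\s*)\.(?P<real>exe|scr|pif|com|bat|cmd)$",
    re.IGNORECASE,
)


def build_sample_zip(name: str = PADDED_NAME, payload: bytes = b"MZ placeholder bytes") -> bytes:
    """Return a ZIP archive (as bytes) with one member; placeholder content, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def true_extension(name: str) -> str:
    """Extension the OS actually honours: the last dot-suffix, whitespace stripped, lower-cased."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in base:
        return ""
    return "." + base.rsplit(".", 1)[1].strip().lower()


def analyse_entry_name(name: str) -> list[str]:
    """List the reasons an archive member's name looks like a disguised executable."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    reasons = []
    ext = true_extension(base)
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"true extension is {ext}")
    m = DOUBLE_EXT_RE.search(base)
    if m:
        reasons.append(f"double extension .{m['decoy'].lower()} -> .{m['real'].lower()}")
        if m["pad"]:
            reasons.append(f"{len(m['pad'])} whitespace characters hide the final extension")
    return reasons


def scan_zip(data: bytes) -> dict[str, list[str]]:
    """Map each suspicious archive member to its indicators (name-based and header-based)."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = analyse_entry_name(info.filename)
            # Independent of the name: a Windows executable starts with the 'MZ' header.
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    reasons.append("content starts with MZ (Windows executable header)")
            if reasons:
                findings[info.filename] = reasons
    return findings


def should_quarantine(data: bytes) -> bool:
    """Gateway policy hook: block the attachment if any member is flagged."""
    return bool(scan_zip(data))


if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample_zip()).items():
        print(repr(member))
        for r in reasons:
            print("  -", r)
```

Checking the true extension and the `MZ` header separately matters: stripping whitespace before the last suffix defeats the padding, and the header check still fires if a sender renames the file so that no decoy extension is present at all.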

"Opening the file will not show you a digital picture, but instead blast open a hole in your PC's security," said Graham Cluley, senior technology consultant at Sophos. "Anyone unfortunate enough to run this program is running the risk of allowing hackers to gain access to their computer to spy, steal and cause havoc."

Sophos recommends that all computer users ensure they are running an anti-virus product that is configured to update itself automatically, and that they keep security patches and firewall software up to date.

"This Trojan horse reminds computer users that keeping anti-virus software up-to-date is essential," continued Cluley. "Regular anti-malware updates combined with sensible safe computing policies and strong email policy at the gateway reduce the risk of threats like this."

Although Sophos has received no reports to date of customers encountering the Trojan horse, it has seen many incidents of the malware at its global network of spam traps. Sophos's anti-virus products were automatically updated to protect against the Troj/Dloadr-AKX Trojan horse at 15:15 GMT on 28 June 2006.

Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses, spyware and spam, as well as apply an email policy that filters unsolicited executable code at the gateway. Businesses should also secure their desktops and servers with automatically updated protection.