One of the graphics attached to the email
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a new spyware Trojan horse offering pictures and intimate details about the personal lives of the infamous Russian pop group t.A.t.U.
The Troj/Banito-BE Trojan horse has been spammed out to email users around the world in a message with the subject line 'Photos of TATU'. It attempts to entice recipients into clicking on a malicious attachment purporting to contain photos and gossip about the controversial duo, who first sprang to fame in 2003.
The emails have the following characteristics:
Subject line: Photos Of TATU
Message text: Ken points out that TATU's media blitz is continuing. They're gonna be big, they are. The in-depth report includes such tidbits as Julia says: "We really love each other and the sex is phenomenal. s a thousand times better than with a man. And contrary to what others might say, we don't just talk about it. We have sex at least three times a day......"
The newest dailies and photos are in the tatu.chm.
The emails have three files attached: tatu_1.jpg and tatu_2.jpg are promotional images of the duo, but TATU.CHM is a malicious compressed HTML help file which, as well as offering an album of images of the notorious Eurovision entrants, also gives hackers access to the innocent user's PC in order to spy, steal or cause havoc. According to Sophos, while many companies now block executable code at their email gateway, the infected file has the less well-known *.CHM extension, which may enable it to slip past some corporate defenses.
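As an added example (not Sophos's code or part of the original release), here is a gateway-style check that flags the attachment described above both by its extension and by the `ITSF` header that compiled HTML Help files begin with. The blocklist, function names, addresses, the extra `album.jpg` case and the stub payloads are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed gateway policy: extensions to quarantine. .chm is the one this page is about.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".chm"}
CHM_MAGIC = b"ITSF"  # first four bytes of a compiled HTML Help file


def risky_attachments(raw_message: bytes):
    """Return [(filename, reason)] for attachments the policy would quarantine."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()  # case-insensitive: .CHM == .chm
        if payload.startswith(CHM_MAGIC):
            # Content check: does not depend on what the file is called.
            findings.append((name, "CHM content (ITSF header)"))
        elif ext in BLOCKED_EXTENSIONS:
            findings.append((name, f"blocked extension {ext}"))
    return findings


def build_sample() -> bytes:
    """Constructed message shaped like the one described; payloads are inert stubs."""
    msg = EmailMessage()
    msg["Subject"] = "Photos Of TATU"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("The newest dailies and photos are in the tatu.chm.")
    jpeg_stub = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    chm_stub = CHM_MAGIC + b"\x00" * 16
    for name in ("tatu_1.jpg", "tatu_2.jpg"):
        msg.add_attachment(jpeg_stub, maintype="image", subtype="jpeg", filename=name)
    msg.add_attachment(chm_stub, maintype="application",
                       subtype="octet-stream", filename="TATU.CHM")
    # Constructed extra case: CHM content under another name, caught by the header check.
    msg.add_attachment(chm_stub, maintype="application",
                       subtype="octet-stream", filename="album.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"quarantine {name}: {reason}")
```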
"t.A.T.u are better remembered for their controversial videos and onstage antics than their music, and this Trojan exploits the still widespread interest in the sapphic school uniform-wearing pop duo's personal life, in order to log computer keystrokes, hijack users' PCs and steal information," said Graham Cluley, senior technology consultant at Sophos. "This is just one in a long line of malware that uses celebrities to entice naive computer users, and we'd urge even the most ardent t.A.T.u. admirers to resist temptation and avoid clicking on the unsolicited attachments."
Opening the CHM file displays pictures and gossip about t.A.T.u, but also installs a Trojan horse.
Sophos notes that the discovery of the Trojan coincides with the release of a twenty-song t.A.T.u. retrospective earlier in October 2006, which has sparked renewed interest in the group, particularly in the US. In the past, celebrities such as Halle Berry, Anna Kournikova, Julia Roberts, Jennifer Lopez, Britney Spears or the stars of 'Sex and the City' have all been used to help malware spread.
"This celebrity-related malware has not been designed for mischief-making - its purpose is financial gain," added Cluley. "Cyber criminals who spread malicious code to steal information or take control of PCs don't normally want to draw attention to themselves, and by using such subject matter, the culprits may be limiting their chances of success. However it's vital that users ensure their anti-virus software is up-to-date, or they could risk compromising both their PCs and their personal data."
Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses, spyware and spam, as well as secure their desktops and servers with automatically updated protection.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.