Just how sick can a hacker get?

Bouncing babies

Just how sick in the head do you have to be if you’re a computer criminal?

We’ve seen them exploiting misery in all imaginable ways: from natural disasters such as tsunamis and hurricanes,to terrorist bombings and even mining accidents.

Today we saw a large amount of malicious spam claiming that the recipient’s baby child had been kidnapped, and demanding a $50,000 ransom.

Sign up to our free newsletter.
Security news, advice, and tips.

Of course, if you were foolish to look at the “photos” you would be opening up your Windows PC to a malware infection by the Troj/Resex-Fam Trojan horse, which then downloads further malicious software from the internet.

Before you know it hackers have taken control of your PC, and are stealing your identity, or using your computer as a spam relay, or launching distributed denial-of-service attacks, or – indeed – all of the above!

The email claims that your baby has been kidnapped

The email claims that your baby has been kidnapped.

More information about this attack can be found in the advisory we posted on the Sophos website, and on the SophosLabs blog.

This should be a reminder to everyone – even if a trick seems disgusting and beyond belief, it’s not too low for a hacker to consider using. It’s all very depressing, but sadly not at all surprising.

To try and cheer myself up, I’ve illustrated this blog story with a screen capture of an old DOS game from yesteryear – “Bouncing babies”. It’s a distant reminder of the halcyon days before we had to worry about email attacks, before we were troubled by spyware, and when sunshine was a regular fixture of the English summer.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.