Naughty nurse Sakura Shiratori tries to infect defence firm with malware

As we have mentioned before, we’ve seen a large number of files spammed out to various organisations, exploiting the CVE-2012-0158 vulnerability.

Victims have not been limited to defence companies, but have also included government departments, charities and recruitment agencies.

One of the latest attacks we have seen was sent to a defence contractor, using the subject line “if you want sex pictrue!”.

Naughty nurse email carries malware payload

Sign up to our free newsletter.
Security news, advice, and tips.

(I have cropped the screenshot above so the full image is not displayed after it became clear that the pictured nurse had not brought her entire uniform to work).

Attached to the email is a file called sexpicture.rar that contains a number of naked pictures of Japanese model Sakura Shiratori.

Harmless enough you might think. However, alongside the seedy snapshots are two files.

An apparent screensaver, short-SEXGPJ_1.SCR, is malicious – and detected by Sophos products as Mal/Behav-043.

Another file, short-SEX_ST_1.DOC, is detected by Sophos products as Troj/DocDrop-AF, and attempts to install further malicious code onto victims’ computers by exploiting the CVE-2012-0158 vulnerability.

Although the email appears to have come from the Taiwanese branch of Yahoo, the “from:” address has been forged by whoever sent out the attack. I’m also going to make the fairly safe assumption that Miss Shiratori is not aware of how her images are being abused.

Make sure that the staff at your firm are wary of opening unsolicited email attachments, and that computers are defended with up-to-date anti-virus software and the latest security patches.

Microsoft released its patch for the vulnerability back in April – if you haven’t already rolled it out across your Windows PCs, do so now.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.