IMG0893.zip – Your photo all over Facebook? Naked? Malware campaign spammed out

SophosLabs is intercepting a spammed-out malware campaign, pretending to be an email about a revealing photo posted online of the recipient.

The emails, which have a variety of subject lines and message bodies, arrive with an attached ZIP file (IMG0893.zip) which contains a Trojan horse.

Subject lines used in the spammed-out malware campaign include:

  • RE:Check the attachment you have to react somehow to this picture
  • FW:Check the attachment you have to react somehow to this picture
  • RE:You HAVE to check this photo in attachment man
  • RE:They killed your privacy man your photo is all over facebook! NAKED!
  • RE:Why did you put this photo online?

The message bodies contained inside the email can also vary. Here are some examples:

  • Hi there ,
    I got to show you this picture in attachment. I can’t tell who gave it to me sorry but this chick looks a lot like your ex-gf. But who’s that dude??.
  • Hi there ,
    I have a question- have you seen this picture of yours in attachment?? Three facebook friends sent it to me today… why did you put it online? wouldn’t it harm your job? what if parents see it? you must be way cooler than i thought about you man :)))).
  • Excuse me,
    But i really need to ask you – is it you at this picture in attachment? I can’t tell you where I got this picture it doesn’t actually matter… The question is is it really you???.

You can imagine how some people would react if they received a message like this in their email. Many might open the attachment out of curiosity (or even with trepidation that a private photo had leaked onto the internet!) and end up having their Windows computer infected as a result.

Sophos products protect users against the threat, detecting it as Troj/Bredo-VV and Mal/BredoZp-B.

The Bredo Trojan is nothing new, and we regularly see variants of it spammed out widely across the internet using a variety of social engineering lures to trick users into opening the dangerous attachment.

Keep your wits about you, and your anti-virus up-to-date, and you should have little to fear.
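As an added example (not code from Sophos or the author), here is a mail-gateway triage check in Python that matches the subject lines and attachment name listed above. Because the lures vary between Bredo runs, it also flags any ZIP attachment that contains an executable. The function names, the extension list and the sample-message builder are assumptions made for illustration.

```python
import io, re, zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Subject lines (prefix stripped, lowercased) and attachment name from the article.
CAMPAIGN_SUBJECTS = {
    "check the attachment you have to react somehow to this picture",
    "you have to check this photo in attachment man",
    "they killed your privacy man your photo is all over facebook! naked!",
    "why did you put this photo online?",
}
CAMPAIGN_ATTACHMENT = "img0893.zip"
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")  # assumption, not from the article

def normalise_subject(subject):
    """Strip any chain of RE:/FW:/FWD: prefixes, collapse whitespace, lowercase."""
    subject = re.sub(r"^\s*((re|fw|fwd)\s*:\s*)+", "", subject or "", flags=re.I)
    return " ".join(subject.split()).lower()

def triage(raw_bytes):
    """Return the reasons a raw message looks like this campaign (empty if none)."""
    msg = message_from_bytes(raw_bytes)
    reasons = []
    if normalise_subject(msg["Subject"]) in CAMPAIGN_SUBJECTS:
        reasons.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        if name == CAMPAIGN_ATTACHMENT:
            reasons.append("attachment-name")
        try:
            members = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")).namelist()
        except zipfile.BadZipFile:
            reasons.append("unreadable-zip")  # corrupt or disguised archive
            continue
        if any(m.lower().endswith(EXECUTABLE_EXTS) for m in members):
            reasons.append("executable-in-zip")
    return reasons

def build_sample(subject, attachment_name, member_name):
    """Constructed test message; the ZIP holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not a real program")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=attachment_name)
    return msg.as_bytes()
```

A message with a subject and file name not seen before still returns `executable-in-zip`, which is the signal that survives when the campaign rotates its wording.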


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
