Watch_video.zip malware attack

Heads up folks! There’s a major new malware attack happening right now.

Email messages are being spammed out with a variety of lurid x-rated subject lines. Attached to the emails is a file called watch_video.zip, which contains malware that (at the time of writing) is not being detected by most anti-virus products.

Porn subject lines disguise watch_video.zip malware attack

Here’s an example of a typical email:

Sign up to our free newsletter.
Security news, advice, and tips.

Watch video malware attack email

I’m reliably informed that Joyce Oliveira is a Brazilian porn star. I can’t comment on whether she is in the habit of forgetting to wear her underwear or not. Emails with other subject lines can have different message bodies, albeit all of a similar pornographic nature.

In my examinations so far, I’ve found all of the messages (regardless of different subject lines and message bodies) contain the phrase:

Open attached file to watch video

Sophos is now detecting the ZIP file as Mal/BredoZp-B and the file contained inside as Troj/Mdrop-CPC. Users of other products would be wise to contact their vendor to see if they have an update available.

So remember not to be tempted into opening a sexy video that is sent to you out of the blue. But you knew that already, right?


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.