Spammers are using fake information relating to Angelina Jolie to trick users into downloading and installing trojans.
This campaign is based around alleged adult footage of Jolie. Users are told that to watch a movie, they need to download a binary file video-nude-anjelina.avi.exe, which is in fact infected with Trojan.Agent.AGGZ.
The spam message comprises an explicit image of Jolie plus text that claims the mail has been sent as part of MSN’s ‘featured offers’ program. It aims to dupe the user into believing that the message is legitimate and also prevents spam filters from labelling the entire message as spam.
Vlad Valceanu, head of antispam research at BitDefender, which detected the spoof, said: “The spam wave is part of a larger category of unsolicited mail messages that rely on social engineering techniques in order to lure unwary users into installing trojans.
“This type of attack seems to be extremely successful, as the number of messages has quickly escalated over the past couple of months. In order to achieve their goals, spammers usually rely on international celebrities and their pictures, along with catchy, yet fake news leads.”
Jolie, who has recently given birth to twins, is also the subject of spam claiming that she had five babies – the senders claim to have video evidence showing the ‘event’.
However, when unwitting users click on a link, they are shown an image made to look like a Flash player while a download starts without intervention by the user. This procedure, known as a ‘drive-by download’, delivers a binary file infected with Trojan.Downloader.Exchanger.Gen.1 – malware used in another spam campaign promoting the antivirus utility Antivirus XP 2008.
This campaign targets those who are not computer savvy when it comes to security matters. Spammers tend to write their messages using poor English to try to bypass spam filters and throw in phrases such as: “Trojan attacks damage more than $3million/hour”.
Once installed, the bogus antivirus starts to install other high security risks such as adware, spyware and other malware from servers or sources on the internet. Additionally, it will ‘find’ false security threats to encourage users to pay for a full version of the fake antivirus.