A timely follow-up to last month's Angelina Nude Movie spam run has appeared, just as the coveted first pictures of the so-called Brangelina twins (offspring of actor couple Brad Pitt and Angelina Jolie) came out in celebrity magazines.
Trend Micro has just received reports of a new spam email message using the same social engineering technique to trick unsuspecting users into downloading malicious files onto their systems.
The email messages purportedly contain a nude video of Hollywood A-list actress Angelina Jolie (although her first name is misspelled). The attachment is a compressed .RAR file, detected by Trend Micro as TROJ_CHEPVIL.RAR. A password to extract the attachment is even provided within the email message.
Below is a screenshot of the spammed email message:
Of course, there is no video in the attachment — only another Trojan detected as TROJ_CHEPVIL.C. Executing the Trojan triggers a series of downloads starting with TROJ_AGENT.AVSZ (which disables Windows Firewall) and TROJ_RENOS.ADX.
Upon execution, TROJ_RENOS.ADX downloads another malicious file, which is detected as TROJ_FAKEALER.HO.
Potential victims, especially fans of the actress, should be wary of this spam run and are strongly advised not to open attachments from unknown senders.
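The lure described above, a RAR attachment whose password is given in the message body, is a combination a mail gateway can check for. The following is an added example, not code from the original post or from Trend Micro; it assumes the RAR 3.x/4.x header layout (RAR5 is not parsed), and the function names and the sample message are hypothetical and constructed for illustration.

```python
import re
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

RAR4_MAGIC = b"Rar!\x1a\x07\x00"
# A password keyword followed by a separator and a value, e.g. "password: 1234".
PASSWORD_HINT = re.compile(r"\b(?:password|passwd|pwd)\s*(?:is|:|=)\s*\S+", re.I)

def rar4_is_encrypted(data: bytes) -> bool:
    """True if a RAR 3.x/4.x archive has encrypted headers or an encrypted first file."""
    if not data.startswith(RAR4_MAGIC) or len(data) < 14:
        return False
    # Block header layout: CRC(2) TYPE(1) FLAGS(2) SIZE(2), little-endian.
    _, htype, flags, size = struct.unpack_from("<HBHH", data, 7)
    if htype != 0x73:                # the main archive header must come first
        return False
    if flags & 0x0080:               # block headers themselves are encrypted
        return True
    nxt = 7 + size
    if len(data) < nxt + 7:
        return False
    _, htype, flags, _ = struct.unpack_from("<HBHH", data, nxt)
    return htype == 0x74 and bool(flags & 0x0004)   # file header, data encrypted

def triage(raw: bytes) -> dict:
    """Flag mail that carries an encrypted RAR and states a password in its body."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    locked = [p.get_filename() for p in msg.iter_attachments()
              if rar4_is_encrypted(p.get_payload(decode=True) or b"")]
    has_pw = bool(PASSWORD_HINT.search(text))
    return {"encrypted_rar": locked, "password_in_body": has_pw,
            "quarantine": bool(locked) and has_pw}

def sample_message() -> bytes:
    # Constructed sample: header bytes only, not a working archive or real spam.
    main = struct.pack("<HBHH", 0, 0x73, 0x0000, 13) + b"\x00" * 6
    file_hdr = struct.pack("<HBHH", 0, 0x74, 0x8004, 32) + b"\x00" * 25
    m = EmailMessage()
    m["Subject"] = "video"
    m.set_content("Archive password: 1234")
    m.add_attachment(RAR4_MAGIC + main + file_hdr, maintype="application",
                     subtype="octet-stream", filename="video.rar")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```

Either signal alone is common in legitimate mail; the heuristic only quarantines when both appear in the same message.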
Attacks that leverage the popularity of celebrities, using them as the perfect bait in spam runs, are abundant. Attacks similar to the one discussed in this post can be found here:
- Gimme More… Malware
- The Malware-Gossip Duo
- When Spam Promises the Stars
- More Pop Culture Spam
- ‘Angelina Jolie Nude Movie’ Spam
Meanwhile, Trend Micro customers are already protected against this Web threat attack by the Smart Protection Network. Updates on this developing issue will be posted as soon as they are available.