Angelina Jolie 'nudes' fuel malware spike

Spammers are promising nude pics of Angelina Jolie to spread malware

One in every 833 emails in September were infected with malicious attachments compared to one in every 1,000 during August, new research reveals.

The jump in malware attachments was primarily due to a coordinated campaign by hackers to spam out the Pushdo Trojan during the second half of September, according to security firms.

The emails, which offered naked pictures of Hollywood actresses such as Angelina Jolie and Holly [sic] Berry, carry a malicious payload designed to give hackers control of infected PCs.

Security firm Sophos reported that Pushdo accounted for almost four in every five infected emails during a single 24-hour period in the last week of September.

"The Pushdo Trojan has been spammed out every Wednesday since March 2007 using a variety of enticing disguises," said Carole Theriault, senior security consultant at Sophos.

"But lately the cyber-criminals have stepped up a gear and have begun to spam innocent computer users at any time and on any day of the week.

"The trick of tempting users with scantily clad pictures of hot-looking girls is as old as the hills, but people still fall for it. This outbreak underlines that hackers have not turned their backs on using email as a vector for attack. "

Theriault added that web attacks are continuing to cause concern for computer users around the world, with the top two threats, Mal/Iframe and ObfJS, accounting for over three-quarters of infected web pages.

Sophos detected an average of 5,400 new compromised web pages hosting malicious code each day during September.

China remained at the top of the malware league, hosting more than half of all infected web pages detected by Sophos during September.

The proportion of compromised pages hosted in the US dropped during the last month from 20.8 per cent to 17.1 per cent, but the number of infected pages hosted in Russia increased from 11.3 per cent to 14.4 per cent.

Overall, more than 85 per cent of all compromised web pages worldwide are hosted in just three countries.

"Ukraine, however, stands out as a country with a disproportionate number of infected web pages," said Theriault.

"This is likely to be a result of a lack of IT education and available resource to tackle web-based malware.

"Ukrainian authorities should consider raising the profile of the cyber-crime threat. Through action, education and legislation, Ukraine could disappear completely from the top 10."

Top 10 list of email-based malware threats detected by Sophos in September 2007:

1. W32/Netsky 29.9%
2. Troj/Pushdo 27.4%
3. W32/Mytob 9.2%
4. W32/Zafi 8.3%
5. Mal/Iframe 6.0%
6. Mal/Behav 4.6%
7. W32/MyDoom 4.1%
8. Mal/Basine 2.5%
9. W32/Bagle 1.4%
10. W32/Traxg 1.2%

Top 10 list of web-based malware threats detected by Sophos in September 2007:

1. Mal/Iframe 59.5%
2. Mal/ObfJS 17.0%
3. Troj/Decdec 3.7%
4. Troj/Fujif 3.6%
5. Mal/EncPk 1.6%
6. Troj/Iffy 1.3%
7. Troj/Pintadd 1.3%
8. Troj/Psyme 1.0%
9. Mal/Packer 0.9%
10. Troj/Ifradv 0.8%
Other 9.3%

The top 10 list of countries hosting malware-infected web pages detected by Sophos in September 2007:

1. China (including Hong Kong) 54.9%
2. United States 17.1%
3. Russia 14.4%
4. Ukraine 3.7%
5. Germany 1.0%
=6. United Kingdom 0.7%
=6. Poland 0.7%
=6. Netherlands 0.7%
=9. Czech Republic 0.6%
=9. Canada 0.6%
Others 5.6%