Racy pics of Russian pop duo t.A.T.u tempt e-mail users

Trojan horse masquerades as sexy pictures of Russian teens

Researchers at IT security vendor Sophos today warned of a new spyware Trojan horse that promises racy pictures of the teenage Russian pop group t.A.T.u. as a means to entice e-mail users to click on a malicious attachment.

The Banito-BE Trojan horse, according to Sophos, has been spammed out to e-mail addresses around the world promising intimate information on the duo, best known for their schoolgirl outfits and sexually charged performances. The e-mail has three files attached, one of which is a malicious file that could give hackers access to PCs, Sophos says. TATU.CHM is a malicious compressed HTML help file, which offers an album of images but also opens up the PC to malicious activity. Sophos says the potential harm of such files includes data and ultimately financial theft.

"This Trojan exploits the still widespread interest in the Sapphic school uniform-wearing pop duo's personal life, in order to log computer keystrokes, hijack users' PCs and steal information," said Graham Cluley, senior technology consultant at Sophos, in a media alert on the security threat. The company also notes that the discovery of the Trojan coincides with the release of a 20-song t.A.T.u. retrospective earlier this month.

To avoid infection, e-mail users should not click on the attachment, and IT departments should implement e-mail gateways to protect their PCs in a consolidated manner, Sophos recommends.

Other Trojan horses have exploited public interest in celebrities such as Halle Berry, Anna Kournikova, Jennifer Lopez and Britney Spears, who last year was ranked the top virus celebrity.

"This celebrity-related malware has not been designed for mischief-making -- its purpose is financial gain," added Cluley.

Further information about the Banito-BE Trojan horse, including the e-mail text and a screenshot of the TATU.CHM attachment contents, is available.
