A widespread spam campaign has been launched which pretends that
an e-mail recipient's baby has been kidnapped in a bid to
infect their computer with malware.
The campaign tries to trick innocent computer users into opening
a file claiming to be photographs of the infant, but instead it
contains a
malicious Trojan horse known as Troj/Resex-Fam,
reports web
security firm Sophos.
The Trojan downloads further malware from the internet to
compromise Windows PCs and steal information.
The malicious e-mails carry the subject line "We have hijacked
your baby" and claim that a £25,000 reward must be paid for the
child's safe return.
Graham Cluley, senior technology consultant at Sophos, said,
"There is no other way of putting it, this attack is sick. Hackers
have no qualms about exploiting a family's natural instinct to
defend their most vulnerable members. Hopefully people will pause
before opening the attachment, but the reflex action of some may be
to click first and think later."
He said, "Receiving or reading these widespread e-mails
themselves does not mean you are infected, but if users open the
attachment they will be infecting their Windows computer, and
giving hackers an open door to take control and steal
information.
"Once a PC is commandeered, criminals can spy, steal or launch
attacks against other parts of the net."