A widespread spam campaign has been launched which pretends that an e-mail recipient's baby has been kidnapped in a bid to infect their computer with malware.
The campaign tries to trick innocent computer users into opening a file claiming to be photographs of the infant, but instead it contains a malicious Trojan horse known as Troj/Resex-Fam, reports web security firm Sophos.
The Trojan downloads further malware from the internet to compromise Windows PCs and steal information.
The malicious e-mails carry the subject line "We have hijacked your baby" and claim that a £25,000 reward must be paid for the child's safe return.
Graham Cluley, senior technology consultant at Sophos, said, "There is no other way of putting it, this attack is sick. Hackers have no qualms about exploiting a family's natural instinct to defend their most vulnerable members. Hopefully people will pause before opening the attachment, but the reflex action of some may be to click first and think later."
He said, "Receiving or reading these widespread e-mails themselves does not mean you are infected, but if users open the attachment they will be infecting their Windows computer, and giving hackers an open door to take control and steal information.
"Once a PC is commandeered, criminals can spy, steal or launch attacks against other parts of the net."