A spam campaign claims there has been an explosion at a nuclear power station in the suburbs of London.
The malware attack message claims to contain images of victims from the explosion on 9 September.
The e-mails claim to contain images in an attachment called victims.zip.
Clicking on the attachment will not open any pictures of the supposed explosion but runs a Trojan horse detected by web security firm Sophos as Troj/Agent-HQE.
Once installed, the malware to spies on the victim's computer and allows hackers to steal financial information.
"Rather than use a real-life event, the hackers have turned to fictional explosions and conspiracy theories, in the hope they will strike a nerve with potential victims, who will then click on the attachment without a second thought," said Graham Cluley, senior technology consultant at Sophos.