Hei Man: Scandinavian spam attack spreads Trojan horse

Sophos is intercepting a malicious spam attack which attempts to infect recipients’ computers with a Trojan horse by pretending to contain images of the Scandinavian sender.

Here is what a typical malicious email looks like:

Hei Man malicious email

Subject: Hei Man,
From: "Facebook"<info@hi5.com>
Attached file: Image123.zip

Message body:
Hei Man,

Jeg vet ikke hvordan jeg skal si det, men jeg har prøvde før en lang tid til å sende deg noen bilder, men jeg har tenkt at du ikke er interessert i å se meg.
Men nå skal jeg sende deg bilder i vedlegg.
Last ned bilder og trekke ut de, er jeg sikker på at du vil like de. Passordet er: 123456

Ha en flott dag.

The message, which appears to be written in Norwegian, roughly translates to:

Hey Man,

I do not know how to say it, but I have tried for a long time to send you some pictures, but I've been thinking that you are not interested in seeing me.
But now I'll send you pictures in the attachment.
Download the images and extract them, I'm sure that you will like them. The password is: 123456

Have a great day.

The attached file, named Image123.zip, is encrypted – presumably in an attempt to avoid detection by weaker anti-virus products – but the email message contains the password to unlock the ZIP and reveal the malware to you.

Of course, an attack like this is only likely to trick users who speak Norwegian (or its close linguistic neighbour Danish), but you can imagine how a message claiming to come from a Facebook or Hi5 friend might trick some people into checking out what hides behind the ZIP without thinking.
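As an added illustration (not Sophos's code or detection logic), the Python below triages a constructed copy of this message the way a mail gateway might: it flags a brand name in the display name on an unrelated sending domain, the password handed over in the body, and ZIP entries carrying the encryption flag. The inner filename Image123.exe and the archive bytes are constructed, and because the standard library cannot write ZipCrypto archives the sample only sets the encryption flag bit rather than encrypting real content.

```python
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Body phrasings that hand the recipient the archive password (Norwegian and English).
PASSWORD_RE = re.compile(r"(?:passordet er|password is)\s*:?\s*(\S+)", re.I)

def build_sample_message() -> bytes:
    """Constructed copy of the lure; the attachment and inner filename are invented."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("Image123.exe", b"MZ constructed placeholder, not a real program")
    raw = bytearray(buf.getvalue())
    # zipfile cannot write ZipCrypto archives, so only mark the entry as encrypted:
    # general-purpose flag bit 0 in the local header (offset 6) and in the
    # central-directory record (offset 8 past its PK\x01\x02 signature).
    raw[6] |= 1
    raw[raw.find(b"PK\x01\x02") + 8] |= 1
    msg = EmailMessage()
    msg["Subject"] = "Hei Man,"
    msg["From"] = '"Facebook" <info@hi5.com>'
    msg.set_content("Hei Man,\n\nLast ned bilder og trekke ut de. Passordet er: 123456\n")
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip",
                       filename="Image123.zip")
    return msg.as_bytes()

def triage(eml: bytes) -> dict:
    """Gateway heuristics for the encrypted-ZIP-plus-password-in-body lure."""
    msg = BytesParser(policy=policy.default).parsebytes(eml)
    findings = {"display_name_mismatch": False, "password_in_body": None,
                "encrypted_zip_entries": []}
    sender = msg["From"].addresses[0]
    # Brand in the display name ("Facebook") but an unrelated sending domain (hi5.com).
    if sender.display_name and sender.display_name.lower() not in sender.domain.lower():
        findings["display_name_mismatch"] = True
    m = PASSWORD_RE.search(msg.get_body(preferencelist=("plain",)).get_content())
    findings["password_in_body"] = m.group(1) if m else None
    for part in msg.iter_attachments():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encryption flag; entry names stay in clear text
                    findings["encrypted_zip_entries"].append(info.filename)
    findings["suspicious"] = bool(findings["encrypted_zip_entries"] and m)
    return findings
```

Entry names in a ZipCrypto archive are not encrypted, so a gateway can see what the attachment contains and correlate it with the password disclosed in the body without ever extracting the payload.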

Sophos detects the Trojan horse proactively as Mal/Behav-043 and is adding detection of the ZIP file as Troj/BredoZp-BU.
