Sophos: New Spyware Trojan Spreading via Porn Spam Trick
CYBERSPACE — Security software vendor Sophos this week issued a warning about a “widespread spam campaign that attempts to fool computer users into downloading a spyware Trojan horse.” According to a written statement issued by Sophos, the emails contain phrases like “hot photos from my birthday,” and links that claim to connect to adult content online. Instead, users are delivered to a website that contains the spyware trojan “Troj/Pushu-A,” an exploit that “attempts to steal information from infected PC owners.”
Once at the website, users are prompted to download what purports to be an archive file of adult content, but is really a “malicious executable called xxx.exe or foto.exe,” according to Sophos.
“As with all messages offering salacious content, the danger is that some people may be so excited about the prospect of viewing the pictures that they’ll click before thinking about what might be in the best interests of their PC’s health,” said Graham Cluley, senior technology consultant for Sophos, in the written statement.
During their research into one of the websites hosting the spyware trojan, investigators from SophosLabs also made a “celebrity sighting,” of sorts. According to the Sophos press release, the investigators “discovered a peculiar photograph of two U.S. comedians, Lewis Black and Dave Attell, which is apparently unrelated to either the spam emails or the malware itself.”
“The comics in the photograph certainly add a strange twist, though it’s unlikely anyone will be laughing if their PCs are compromised by downloading Pushu,” said Cluley.
Cluley added that although the spam campaign has been “widely distributed,” to date Sophos has not received many reports of users actually infected with Troj/Pushu-A. He stressed that the threat is potentially serious, noting that those who do visit the phony adult sites linked to from the emails “risk throwing open their PCs for cybercriminals to steal information or carry out further online attacks.”
There’s nothing new about exploits being propagated through fake porn spam, of course, and Cluley said he doesn’t expect to see the exploit-via-erotic-enticement technique disappear any time soon.
“Thanks to its continued success rate, it seems likely that this type of illicit material will be used to tempt people into infection for some time to come,” Cluley said.
For more information on Troj/Pushu-A, see the Sophos bulletin, published here: http://www.sophos.com/virusinfo/analyses/trojpushua.html