Government Technology

New Spam Trick Claims 'We Caught You Naked'



April 21, 2008

A new outbreak of spam featuring personalized subject lines claiming that the receiver has been caught on video naked is hitting inboxes worldwide, Marshal's TRACE Team announced today. The newest malicious spam campaign is being sent from the Srizbi botnet and includes a clickable link in the e-mail. The subject line of the spam message reads "we caught you naked [your name]! check the video." The message itself contains only a link, which falsely claims to lead to a video of the receiver naked. In reality, the PC of a recipient who follows the link becomes a member of the Srizbi botnet.

"This is a simple but clever form of social engineering. It is personalized by taking the name component of your e-mail address and inserting it into the spam subject line. It is not a new trick by spammers, but it is proven to get your attention," said Bradley Anstis, Vice President of Products at Marshal. "In addition, the message seeks to embarrass you by claiming to have video footage of you naked. The spammers are clearly hoping to shock unsuspecting recipients into investigating this compromising footage. In their haste to look into the claim, some people might not consider the link in the message leads to Malware ," explained Anstis.

According to Marshal, the Srizbi botnet is responsible for sending out the new spam. Marshal identifies the Srizbi botnet as the largest spam-sending botnet currently on the Internet, responsible for 45 percent of all spam caught by Marshal's TRACE Team. Other researchers have identified Srizbi as the world's largest current botnet, comprising 315,000 bots and responsible for an estimated 60 billion spam messages per day.

"We consider Srizbi the biggest current spam threat. In December last year, we attributed 20 percent of the spam we caught to Srizbi and now it is more than double that. It is also more than double the next biggest botnet in terms of its spam volume. We have observed individual Srizbi bots sending as much as 8,000 spam messages per hour," said Anstis. "The Storm botnet still garners the lion's share of the media's attention and it was certainly a major pioneer in botnet development, but today it is responsible for just 1 percent spam. The biggest lesson that Storm taught spammers was the power of simple social engineering as a means of infecting computers and propagating your botnet. The simplest tricks are the best and this new one certainly fits the criteria."

 


You may use or reference this story with attribution and a link to
http://www.govtech.com/security/New-Spam-Trick-Claims-We-Caught-You_Naked.html

