Endpoint Protection

Notice! The virus-spreading spammer doesn't have your baby but is claiming to. In recent emails observed by Symantec, malicious code is being spread by hoax emails claiming to have pictures of your hijacked [sic] baby. The Subject line makes the claim that someone has  "hijacked" your baby and the attachment on the message is not a photo, but rather a zip file containing a downloader:

Subject: We have hijacked your baby
Content-Type: application/zip;        name="photo.zip"

The body will look similar to the following:

"Hey We have hijacked your baby but you must pay once to us $50 000. The details we will send later...
We has attached photo of your fume"

The email comes with an attached zip file called "photo.zip," which contains a file named "photo.exe." The executable is detected as Downloader and it is used to get additional malware from the Web. This email is very similar to the "Hit Man Spammer" that was observed last year.

Symantec has observed over three million instances of this email since Monday, August 25th. Again, we'd like to warn people to not click on suspicious attachments or links. We're currently in a hot period for virus activity and urge people to not take any unnecessary chances with infecting their machines. This includes responding to suspicious emails such as this. Responding may encourage the spammer to escalate their tactics and at the very least will alert them to the fact that yours is a live account. This opens you up for further spamming attacks.