Spammers are tempting PC users with pornographic images to encourage them to reply to messages.
The spam message poses as a game, which encourages PC users to unscramble some text with the reward being an image of a progressively undressing woman.
The tactic is designed to be effective against anti-spam protection on PCs, working by getting users to bypass it unwittingly. By typing in the text, the user becomes vulnerable to spammers looking deluge them with junk mail.
The scrambled text attacks are based around Captchas, or 'Completely Automated Public Turing test to tell Computers and Humans Apart'. A Captcha features a disfigured word that make it difficult for a computer to decipher, but can easily be identified as a real word by humans.
Captchas have now become a way for malware propagators to infiltrate systems to access resources such as e-mail accounts or blogging tools.
It is not uncommon for viruses to trick people into opening attachments loaded with malware with the false promise of seeing indecent images, but this latest trend is the first time that a spam message offers to show people more images as a reward for responding.
Security companies Trend Micro and Panda Security said they have both come across examples of this new form of threat, but not in great quantities yet. "I don't see this as a major threat to network security as such, as most companies will have provisions in place to make sure this is picked up," said Dominic Hoskins, country manager for the UK for Panda Security. "The home user is the one at risk, and is effectively being asked to create their own botnet. Of course with many business people working from home in often less well proected environments than the office, this could be a worry."
"Spammers are pulling out all the stops to get past security software and it's typical of the current trend in malware to use the individual's own basic instincts to fall for the traps," commented Mike Green, vice president of product strategy at security firm PC Tools. "Unfortunately there is no cure for human stupidity. Social engineering will always be a key component of security breaches and the criminals are using this to their advantage."
