Bogus Naked Facebook Email Alert Spam with Malware

I got a couple emails today saying that someone had been posting naked pictures of me on Facebook. Each email came with .zip files attached which supposedly contained copies of the pictures. I never opened the attachments and I'm glad because at least 1 security company has identified them as trojan viruses.

The emails came from a private email address and one belonging to Pakistan Telecommuication Company Limited (PTCL). The emails are as follows:

Email 1

Subject: RE:They killed your privacy man your photo is all over facebook! NAKED!

Body:

Hello ,

I got to show you this picture in attachment. I can't tell who gave it to me sorry but this chick looks a lot like your ex-gf. But who's that dude??.

Email 2

Subject: RE:They killed your privacy man your photo is all over facebook! NAKED!

Body:

Hate to bother you ,

I have a question- have you seen this picture of yours in attachment?? Three facebook friends sent it to me today... why did you put it online? wouldn't it harm your job? what if parents see it? you must be way cooler than I thought about you man :))))

The source information for both messages were as follows:

Message 1:

Received: from 182.177.195.125 (182.177.195.125) by ***********.com with MailEnable ESMTP; Mon, 23 Apr 2012 06:31:35 +0300

Received: from 150.97.94.75 (helo=nnbml.ykdtizt.tv)

by with esmtpa (Exim 4.69)

(envelope-from )

id 1MM949-5550pn-J7

for webmaster@**************.com; Sun, 22 Apr 2012 19:22:00 -0800

From: "Gloria Rosa" snellwm@ritenour.k12.mo.us

To: webmaster@**************.com

Subject: RE:They killed your privacy man your photo is all over facebook! NAKED!

Date: Sun, 22 Apr 2012 19:22:00 -0800

MIME-Version: 1.0

X-Priority: 3

X-Mailer: ntqlrqew 10

Message-ID: 3305244767.82M2KTXT375105@gitlffizinqzbt.jimyoyjizjt.info

Content-Type: multipart/mixed;

boundary="----=a__lapbwud_28_00_50"

Return-Path: snellwm@ritenour.k12.mo.us

Message 2

Received: from 182.177.195.125 (182.177.195.125) by ***********.com with MailEnable ESMTP; Mon, 23 Apr 2012 06:30:45 +0300

Received: from ocqtdbqhoaqogjqeujpehpchpraoboeqvx (192.168.1.187) by ocqtdbqhoaqogjqeujpehpchpraoboeqvx.clickz.com (182.177.195.125) with Microsoft SMTP Server id 8.0.685.24; Sun, 22 Apr 2012 19:21:10 -0800

Message-ID: 4F94CAB0.907050@sterkinekor.com

Date: Sun, 22 Apr 2012 19:21:10 -0800

From: unsuccessfully21@williamsguitarcompany.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.9) Gecko/20100921 Thunderbird/3.1.4

MIME-Version: 1.0

To: webmaster@***********.com

Subject: RE:They killed your privacy man your photo is all over facebook! NAKED!

Content-Type: multipart/alternative;

boundary="------------08090700508040806090409"

Return-Path: pintoesni488@sterkinekor.com