The Troj/Sinx-N trojan spams emails with a subject line of "CCTV still of Rapist," "Do you recognize this person?" or "Campus Student Raped," Sophos said Friday.
Users who click on the attached files, which claim to be photographs of the suspect, will launch malware onto their PCs, allowing hackers access to the computer, Sophos warned.
"Launching the attached file will not show you a CCTV picture of a rapist, but instead punch a hole in the security of your PC," said Graham Cluley, senior technology consultant at Sophos. "Hackers are reaching an all-time low with this attempt to encourage kind, well-meaning people into opening their malicious file."
The message, which contains two misspellings, reads: "Hello, During the early morning of Jan. 25, 2006, a campus student was the victim of a horrific sexual assault within college grounds. Eyewitnesses report a tall black male in grey pants running from the scene. Campus CCTV has caught this man on camera and are looking for ways to identify him. If anyone recognizes the attached picture could they inform administraion immediatly."
Incorrect spellings often are indicative of bogus and fraudulent emails.
Sophos recommended that end-users maintain updated anti-virus software and employ smart computer practices. Organizations, meanwhile, should protect their email gateways with software that wards off spam and viruses and blocks unsolicited executable code at the gateway, the firm said.
Sophos said the spams might not be limited to colleges.