There's been a banking trojan spam run in four European countries this morning. The targeted countries are The Netherlands, Switzerland, Latvia, and Finland.

The e-mails claim to be from a Russian student girl looking for a local sex partner — or failing that, just a friend. The mail urges the recipient to check her photos on a site called livejournalhelper.cn (in China).

Unfortunately, the site only has thumbnails of Ms. Polinka's pictures; if you try to view the larger images you're prompted by an error message of a missing plug-in that you supposedly need. The plug-in of course is the malware itself — a manual man-in-the-middle banking trojan.

Here's what the sites look like in different languages:









This malware is very closely related to the so called "Mikkeli" case, found in February.

We detect the malware as Trojan-Spy:W32/Zbot.KZ. More information is available in the Zbot.HS description.