Virus Analysis:
Troj/Sysbug-A
Aliases: Backdoor-CAG
Type: Trojan
Description: Troj/Sysbug-A is a Trojan that retrieves system information and allows unauthorised access to the compromised computer. This Trojan horse has been distributed in the form of an email with the following characteristics:
From: james2003@hotmail.com
Subject line: Re[2]: Mary
Message text:
Hello my dear Mary,
I have been thinking about you all night. I would like to apologize for the other night when we made beautiful love and did not use condoms. I know this was a mistake and I beg you to forgive me.
I miss you more than anything, please call me Mary, I need you. Do you remember when we were having wild sex in my house? I remember it all like it was only yesterday. You said that the pictures would not come out good, but you were very wrong, they are great. I didn't want to show you the pictures at first, but now I think it's time for you to see them. Please look in the attachment and you will see what I mean.
I love you with all my heart, James.
Attached file: Private.zip (contains wendynaked.jpg.exe)
Troj/Sysbug-A will copy itself to the Windows folder as sysdeb32.exe and adds the following registry entry to ensure it gets run at system logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SystemDebug
Troj/Sysbug-A creates the files svc.sav in the Windows folder and C:\temp35.txt. These files are not malicious and can simply be deleted.
http://www.sophos.com/virusinfo/analyses/trojsysbuga.html
Sophos, a world leader in anti-virus and anti-spam protection for businesses, has received several reports of a new Trojan horse - Sysbug (Troj/Sysbug-A). Distributed via a saucy email, this Trojan horse is disguised as an attachment promising naked pictures. If run, Sysbug allows hackers to gain unauthorised remote access to affected computers.
The email arrives with the subject line 'Re[2] Mary' and contains the following text:
"Hello my dear Mary,
I have been thinking about you all night. I would like to apologize for the other night when we made beautiful love and did not use condoms. I know this was a mistake and I beg you to forgive me.
I miss you more than anything, please call me Mary, I need you. Do you remember when we were having wild sex in my house? I remember it all like it was only yesterday. You said that the pictures would not come out good, but you were very wrong, they are great. I didn't want to show you the pictures at first, but now I think it's time for you to see them. Please look in the attachment and you will see what I mean.
I love you with all my heart, James."
"This Trojan horse has been spammed out en masse in an attempt to hit as many people as possible," said Graham Cluley, senior technology consultant for Sophos. "No matter what provocative pics an email may promise, computer users need to think twice before opening an unsolicited attachment. Simply put: if your name isn't Mary, and you didn't have unprotected sex with a guy called James the other night, what on earth are you doing even thinking of opening the attachment? You really shouldn't be surprised if you and your computer end up being unpleasantly compromised."
Sophos's anti-virus researchers have made available protection against the Trojan horse.
http://www.sophos.com/virusinfo/articles/sysbug.html

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic