"Sysbug," which comes with the subject line of 'Re Mary,' pretends to be a personal e-mail from a friend called James who has attached photographic evidence of a recent tryst. The e-mail actually contains a malicious program that will allow a PC to be taken over. Systems affected are Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP.
Security firm Sophos said Tuesday that many copies of the message have been circulating by e-mail. So far, Sophos has received numerous reports of companies blocking the message at their e-mail gateway, but little evidence so far of PCs being compromised.
"There's so much sordid stuff of this nature already on the Internet that many users may actually think this is a piece of spam and just ignore it," said Graham Cluley, senior technology consultant at Sophos.
Even though Sysbug, also called Backdoor-CAG is unlikely to become a major security threat, IT managers need to be alert, as any one of their staff could make the mistake of opening the attachment.
Kevin Hogan from Symantec's Security Response team said the Trojan is unlikely to spread much further because it does not self-replicate: "I don't see it getting worse because it relies on manual spamming--unless they re-spam it," he said.
Graeme Wearden of reported from London.