Free porn via an Internet Explorer Vulnerability? It sounds too good to be true, doesn't it? When was the last time anything good came out from a vulnerability affecting Microsoft's products? Well, joking aside, it does sound too good to be true. This because the free porn offering is an integer part of a social engineering scheme targeting users of unpatched versions of IE prior to Internet Explorer 7.

Sophos, an integrated threat management solutions provider, has warned of the discovery of an aggressive spam campaign promoting free pornography. But, instead of free explicit images and videos, victims will be hit with a Trojan horse. "Psyme-DL exploits a Microsoft Internet Explorer vulnerability, MS06-014, and when the weblink is accessed using Firefox, a message is displayed requesting the user to change browser," explains Sophos. So if you use Firefox, you are safe. Also, Internet Explorer 7 and prior completely patched versions of the browser are not affected by this vulnerability.

The spammed messages contain a link redirecting the victims to a malicious website designed to download Psyme-DL via the ADODB stream vulnerability. No user interaction is necessary as the flaw allows for remote code execution.

"Despite the numerous warnings users have probably heard about safe computing and appropriate online behavior, emails with racy subject lines still seem hard to resist for some users," said Carole Theriault, senior security consultant for Sophos. "By infecting machines belonging to users who thought they might steal a peak at some free porn, this malware campaign leads victims down a rathole they might feel embarrassed to be found in. The author of Psyme-DL is not just looking to humiliate but is also attempting to take control of the machines in order to spy, steal or cause havoc on PCs."