A new Trojan horse infects Windows computers, collects users' images and sends them back to a file transfer protocol (FTP) server in Iraq.
According to Sophos' Naked Security blog, the malware is programmed to rifle through hard drives for files with ".jpg," ".jpeg" and ".dmp" suffixes. McAfee and Trend Micro have researched it as well.
Sophos' Chester Wisniewski speculated that the hackers may be looking for "*wink* candid photos *wink*" in order to extort money from their subjects.
"Perhaps they are trolling for photos of sensitive company documents, screen captures or faxes," Wisniewski said. "Are they looking to get scanned copies of sensitive identity documents like passports, Social Security numbers and driver's licenses?"
Data-theft attacks have mostly gone after text-based data, as Trend Micro engineer Raymart Paraiso pointed out, and this new focus on images may signal a shift in strategy as people change the manner in which they store their information.
"Users typically rely on photos for storing information, both personal and work-related, so the risk of information leakage is very high. Collected photos can be used for identity theft, blackmail, or can even be used in future targeted attacks," Paraiso wrote on the TrendLabs blog.
Wisniewski, however, speculated that the data may be used for something even more sinister than identity and petty theft: espionage.
"If I had to make a guess, I would think the above evidence suggests it is being used for espionage, but we can't be sure," Wisniewski wrote.
Technically savvy readers can defend against this and similar threats by blocking port 21, designated for FTP, on their firewalls.
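One way to check that such a block is in place and doing its job, as an added example that is not part of the original article: the script below parses lines in the Windows Firewall log layout and separates outbound TCP connections to port 21 that were allowed from those that were dropped. The log lines, the addresses (documentation ranges) and the function name are constructed for illustration.

```python
# Added example: audit a Windows Firewall log for outbound FTP (TCP/21) traffic.
# SAMPLE_LOG is constructed; column names are read from the "#Fields:" header.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-15 10:15:02 ALLOW TCP 192.168.1.20 203.0.113.45 49712 21 0 - 0 0 0 - - - SEND
2024-01-15 10:15:05 ALLOW TCP 192.168.1.20 198.51.100.7 49713 443 0 - 0 0 0 - - - SEND
2024-01-15 10:16:40 DROP TCP 192.168.1.31 203.0.113.45 50122 21 0 - 0 0 0 - - - SEND
2024-01-15 10:17:11 ALLOW TCP 198.51.100.9 192.168.1.20 40000 21 0 - 0 0 0 - - - RECEIVE
2024-01-15 10:18:00 ALLOW UDP 192.168.1.20 192.168.1.1 53000 53 0 - - - - - - - SEND
"""

FTP_CONTROL_PORT = "21"


def outbound_ftp(log_text):
    """Return (allowed, blocked) lists of (timestamp, src, dst) for outbound TCP/21."""
    fields, allowed, blocked = [], [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Only outbound (SEND) TCP connections to the FTP control port matter here;
        # inbound FTP and other protocols are ignored.
        if (row.get("protocol") != "TCP"
                or row.get("dst-port") != FTP_CONTROL_PORT
                or row.get("path") != "SEND"):
            continue
        hit = (f"{row['date']} {row['time']}", row["src-ip"], row["dst-ip"])
        (allowed if row["action"] == "ALLOW" else blocked).append(hit)
    return allowed, blocked


if __name__ == "__main__":
    allowed, blocked = outbound_ftp(SAMPLE_LOG)
    for ts, src, dst in allowed:
        print(f"NOT BLOCKED  {ts}  {src} -> {dst}:21")
    for ts, src, dst in blocked:
        print(f"blocked      {ts}  {src} -> {dst}:21")
```

An allowed entry means the firewall rule is missing or not matching on that host; a dropped entry shows a machine that attempted an FTP connection and is worth a closer look.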