Dmitry Samosseiko wrote a blog entry at Sophos about a spam which promises a naked clip of Angelina Jolie. There is attachment in the blog entry of what the website looks like when the reader visits the link on the email.

It shows a player with various video statistics on the bottom. A pop-up message shows up and it says that the user needs to download a codec to watch the clip. The codec is video.exe and it is detected as Troj/Inject-CR according to the blog entry.

The page is hosted on a domain that belongs to a textile manufacturer.

Source: Sophos