No, we haven't visited Egypt. But we're seeing a malware distribution run using a unique lure.
First, you get an e-mail like this from "Anita":
The ZIP contains these files:
How nice, Anita has even included an image viewer for us so we can take a look at her photos.
However, if you run viewer_img.exe, you'll get just an empty Paintbrush window:
Of course, this is just a bluff. In the background it's dropping and executing a variant of the LdPinch data-stealing trojan.
Let's see. It loads up a Russian version of pbrush.exe. The images are named "egipet.jpg" — Egipet is the Russian spelling of Egypt. And LdPinch is Russian malware. So this attack is probably (we're guessing) coming from … Denmark!