Sophos: Cybercriminals tempt the unwary with macabre malware
October 2007 by Sophos
IT security and control firm Sophos is warning that a cybercriminal gang is attempting to hijack the Halloween festivities to infect the PCs of innocent computer users.
Malicious spam emails direct internet users to a Halloween-themed website that offers a download of a dancing skeleton game but is really designed to install a Trojan horse that gives the hackers remote access to the user’s PC. Emails containing the malicious links have a variety of subject lines, including the following:
The most amazing dancing skeleton
Show this to the kids
Send this to your friends
Man this rocks
"This is just the latest incarnation of the ecard campaign, also known as Storm, which has dominated the malware scene for months. The gang responsible are experts at choosing topical disguises and crafting alluring emails that the unwary may find difficult to resist," said Graham Cluley, senior technology consultant for Sophos. "What’s even more frightening is that when innocent users click to see the skeleton dance, the site also plays The Vengaboys song ’Boom boom boom boom’. The good news is that advanced IT security defences are able to stop an attack like this dead in its tracks."
Unlike some other IT security vendors, Sophos did not have to issue an update to protect its users against the malware, as the firm’s Behavioral Genotype Protection technology was already able to proactively identify the script at the website as Troj/JSXor-Gen and the downloaded executable as Mal/Behav-146. Users of other vendors’ products are advised to update their protection and ensure that their PCs are defended against the threat.
Earlier this month, Sophos reported how spammers had distributed Halloween-related emails with the intention of gathering personal information from recipients: