Beware Thanksgiving screensavers designed to infect your PC with malware

by Graham Cluley on November 22, 2012 | 2 Comments

Filed Under: Featured, Malware

ThanksgivingMillions of Americans are preparing to celebrate Thanksgiving with their families and friends.

And some might be allowing their computers help spread some festive cheer, by playing holiday tunes and - perhaps - installing Thanksgiving screensavers.

Well, hold your horses, easy on the gravy and take the mashed potato off the hotplate..

That Thanksgiving screensaver that you just downloaded from the net may not be entirely safe.

For instance, here's a Thanksgiving screensaver that we analysed in our labs in the last 24 hours.

The filename looks innocuous enough: Thanksgiving Day.scr

And, judging by the screenshots that it displays on your screen, it's suitably cheesie Thanksgiving fare:

Images displayed by Thanksgiving screensaver

But behind the scenes, while you are being presented with a slideshow, the screensaver is silently connecting to a website and attempting to download malicious code, allowing malicious hackers to take remote control of your computer.

Section of code, downloading further content from the net

The malware also drops a new DLL, called ssheay.dll, which poses as an Add-in for Outlook. A link to the DLL is added into the Registry, ensuring that the code is run automatically each time the computer is started.

Sophos products detect the malware as the Troj/DwnLdr-KJW Trojan horse.

The lesson, of course, is not to trust every program that you run into on the net, and think twice before installing code of dubious provenance. Don't think you can take a short cut and not worry about computer security just because it's Thanksgiving.

If you're celebrating Thanksgiving, please look after yourself, your friends, and your computers. Do yourself and your friends a favour by ensuring that anti-virus software is up-to-date and your computers are properly patched against the latest security flaws.

If you haven't already done so, check out some of the free security tools that Sophos makes available.

Best wishes from all of us at Naked Security and Sophos.

Thanks to Zoe in SophosLabs UK for assisting with this article.

Tags: , ,

2 Responses to Beware Thanksgiving screensavers designed to infect your PC with malware

  1. joe says:
    November 22, 2012 at 7:44 pm

    The email promoting this article and bringing me to this site says, in part, "Learn what to look out for,..." Well I didn't learn "what to look out for". You offered no advise on what to look out for.

    I think you tricked me into visiting this site. This makes me unhappy.

    Reply Report comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.