Beware Thanksgiving screensavers designed to infect your PC with malware

Filed Under: Featured, Malware

ThanksgivingMillions of Americans are preparing to celebrate Thanksgiving with their families and friends.

And some might be allowing their computers help spread some festive cheer, by playing holiday tunes and - perhaps - installing Thanksgiving screensavers.

Well, hold your horses, easy on the gravy and take the mashed potato off the hotplate..

That Thanksgiving screensaver that you just downloaded from the net may not be entirely safe.

For instance, here's a Thanksgiving screensaver that we analysed in our labs in the last 24 hours.

The filename looks innocuous enough: Thanksgiving Day.scr

And, judging by the screenshots that it displays on your screen, it's suitably cheesie Thanksgiving fare:

Images displayed by Thanksgiving screensaver

But behind the scenes, while you are being presented with a slideshow, the screensaver is silently connecting to a website and attempting to download malicious code, allowing malicious hackers to take remote control of your computer.

Section of code, downloading further content from the net

The malware also drops a new DLL, called ssheay.dll, which poses as an Add-in for Outlook. A link to the DLL is added into the Registry, ensuring that the code is run automatically each time the computer is started.

Sophos products detect the malware as the Troj/DwnLdr-KJW Trojan horse.

The lesson, of course, is not to trust every program that you run into on the net, and think twice before installing code of dubious provenance. Don't think you can take a short cut and not worry about computer security just because it's Thanksgiving.

If you're celebrating Thanksgiving, please look after yourself, your friends, and your computers. Do yourself and your friends a favour by ensuring that anti-virus software is up-to-date and your computers are properly patched against the latest security flaws.

If you haven't already done so, check out some of the free security tools that Sophos makes available.

Best wishes from all of us at Naked Security and Sophos.

Thanks to Zoe in SophosLabs UK for assisting with this article.

, ,

You might like

2 Responses to Beware Thanksgiving screensavers designed to infect your PC with malware

  1. joe · 1052 days ago

    The email promoting this article and bringing me to this site says, in part, "Learn what to look out for,..." Well I didn't learn "what to look out for". You offered no advise on what to look out for.

    I think you tricked me into visiting this site. This makes me unhappy.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley