Beware Thanksgiving screensavers designed to infect your PC with malware

Beware Thanksgiving screensavers designed to infect your PC with malware

ThanksgivingMillions of Americans are preparing to celebrate Thanksgiving with their families and friends.

And some might be allowing their computers help spread some festive cheer, by playing holiday tunes and – perhaps – installing Thanksgiving screensavers.

Well, hold your horses, easy on the gravy and take the mashed potato off the hotplate..

That Thanksgiving screensaver that you just downloaded from the net may not be entirely safe.

For instance, here’s a Thanksgiving screensaver that we analysed in our labs in the last 24 hours.

The filename looks innocuous enough: Thanksgiving Day.scr

And, judging by the screenshots that it displays on your screen, it’s suitably cheesie Thanksgiving fare:

Images displayed by Thanksgiving screensaver

But behind the scenes, while you are being presented with a slideshow, the screensaver is silently connecting to a website and attempting to download malicious code, allowing malicious hackers to take remote control of your computer.

Section of code, downloading further content from the net

The malware also drops a new DLL, called ssheay.dll, which poses as an Add-in for Outlook. A link to the DLL is added into the Registry, ensuring that the code is run automatically each time the computer is started.

Sophos products detect the malware as the Troj/DwnLdr-KJW Trojan horse.

The lesson, of course, is not to trust every program that you run into on the net, and think twice before installing code of dubious provenance. Don’t think you can take a short cut and not worry about computer security just because it’s Thanksgiving.

If you’re celebrating Thanksgiving, please look after yourself, your friends, and your computers. Do yourself and your friends a favour by ensuring that anti-virus software is up-to-date and your computers are properly patched against the latest security flaws.

If you haven’t already done so, check out some of the free security tools that Sophos makes available.

Best wishes from all of us at Naked Security and Sophos.

Thanks to Zoe in SophosLabs UK for assisting with this article.