MXLab.eu is reporting on a currently spamvertised malware campaign dropping Backdoor.IRCBot which, once executed, opens a connection back to an IRC (Internet Relay Chat) server, allowing the botnet masters ease of control.
Hello friend !

You have just received a screensaver from someone who really cares about you!

This is a part of the message:

“Hi there! It has been a very long time since I haven’t heared anything from you! I hope you enjoy this gift from me that i’ve sent with love … I’ve just found out about this service from Sharon, a friend of mine who also told me that…”

If you’d like to see the rest of the message click here to receive your 3d live Dolphins

===================

Thank you for using www.freeze.com ‘s services !!! Please take this opportunity to let your friends hear about us by sending them this screensaver from our personal collection !

==================
From a social engineering perspective this is a -- thankfully -- badly executed campaign lacking basic quality assurance elements typical for social engineering campaigns such as timing -- see the Xmas photo -- which could have contributed to a better infection rate.
It seems, though, that the ubiquitous "You've received a screensaver" social engineering campaign is still favored by novice botnet masters.