Trojan poses as fake Lycos screensaver

The fallout from Lycos' anti-spam campaign continues with hackers using it to try and trick email users with a password-stealing Trojan
Written by Dan Ilett, Contributor

An identity-stealing email Trojan that disguises itself as the Lycos anti-spam screensaver is being distributed around the Internet.

According to antivirus company F-Secure, the key-logging Trojan steals usernames, passwords, credit card details and email addresses and travels as an email attachment.

Mikko Hyppönen, F-Secure's director of antivirus research, said that the recent attention from the Lycos story could be an incentive to open the file.

"The whole case has been full of surprising turns from the beginning," said Hyppönen. "Whoever is behind this is someone who felt they were being attacked by Lycos. They are trying to teach people a lesson. A lot of people heard about the screensaver but couldn't download it because the ["Make love not spam"] Web site was down. Lots of people would be interested in looking though."

The subject of the email read: "Be the first to fight spam with Lycos screen saver", with an attachment file labelled: "Lycos screensaver to fight spam.zip".

Hyppönen warned that the Trojan was dangerous if opened, but no more so than other password-stealing malware.

On Friday, Lycos terminated its "Make Love Not Spam" screen saver campaign after it was bombarded with criticism for attacking spammers' Web sites using denial-of-service-like attacks.

Lycos also denied it took brought down two Web sites hosted in China after it claimed it had no intention taking Web sites offline, just slowing them down to raise the cost of spamming.

Editorial standards