Macabre malware makes Halloween scary

A gang of malware propagators is using Halloween to lure PC users into responding to malicious spams, warns a security firm.

A gang of cybercriminals is using the Halloween festivities to encourage unwary PC users to respond to malicious spam emails.

The emails are marked with a variety of subject lines, like 'Happy Halloween', 'Dancing Bones', 'Show this to the kids' and 'Send this to your friends', warned security specialist firm Sophos.

It said the mails direct internet users to a Halloween-themed website offering a download of a dancing skeleton game - which is actually designed to install a Trojan giving hackers remote access to the user's PC.

"This is just the latest incarnation of the ecard campaign, also known as Storm, which has dominated the malware scene for months," said Graham Cluley, senior technology consultant for Sophos.

He says the gang responsible are experts at choosing topical disguises and crafting alluring emails that the unwary may find difficult to resist.

"What's even more frightening is that when innocent users click to see the skeleton dance, the site also plays The Vengaboys song 'Boom boom boom boom'," he said. "The good news is that advanced IT security defences are able to stop an attack like this dead in its tracks."

Earlier this month, Sophos identified another Halloween-related spam email campaign that tried to lure recipients into handing over a range of personal information with the promise of a financial reward in the form of a gift card.

That email used a variety of puns associated with Halloween celebrations. Clicking on links contained in the email would have taken computer users to a website asking for a large amount of personal information before presenting a stream of questionnaires on subjects as diverse as student loans, gender and cigarette smoking.

"It was not immediately obvious whether this spam was being sent to commit identity theft or whether it's market research gone mad," said Cluley. "If you visit the site and give it your personal information the chances are that you will be bombarded with unwanted junk email until hell freezes over."

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Defense Dept. expands vulnerability disclosure program to all publicly accessible defense systems
ethical hacking

Defense Dept. expands vulnerability disclosure program to all publicly accessible defense systems

5 May 2021
Security researchers take control of a Tesla via drone
ethical hacking

Security researchers take control of a Tesla via drone

5 May 2021
Best free malware removal tools 2021
Security

Best free malware removal tools 2021

5 May 2021
Acuant acquires identity verification provider Hello Soda
mergers and acquisitions

Acuant acquires identity verification provider Hello Soda

4 May 2021

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021
Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021