Macabre malware makes Halloween scary

A gang of malware propagators is using Halloween to lure PC users into responding to malicious spams, warns a security firm.

A gang of cybercriminals is using the Halloween festivities to encourage unwary PC users to respond to malicious spam emails.

The emails are marked with a variety of subject lines, like 'Happy Halloween', 'Dancing Bones', 'Show this to the kids' and 'Send this to your friends', warned security specialist firm Sophos.

Advertisement - Article continues below

It said the mails direct internet users to a Halloween-themed website offering a download of a dancing skeleton game - which is actually designed to install a Trojan giving hackers remote access to the user's PC.

"This is just the latest incarnation of the ecard campaign, also known as Storm, which has dominated the malware scene for months," said Graham Cluley, senior technology consultant for Sophos.

He says the gang responsible are experts at choosing topical disguises and crafting alluring emails that the unwary may find difficult to resist.

"What's even more frightening is that when innocent users click to see the skeleton dance, the site also plays The Vengaboys song 'Boom boom boom boom'," he said. "The good news is that advanced IT security defences are able to stop an attack like this dead in its tracks."

Earlier this month, Sophos identified another Halloween-related spam email campaign that tried to lure recipients into handing over a range of personal information with the promise of a financial reward in the form of a gift card.

Advertisement - Article continues below
Advertisement - Article continues below

That email used a variety of puns associated with Halloween celebrations. Clicking on links contained in the email would have taken computer users to a website asking for a large amount of personal information before presenting a stream of questionnaires on subjects as diverse as student loans, gender and cigarette smoking.

"It was not immediately obvious whether this spam was being sent to commit identity theft or whether it's market research gone mad," said Cluley. "If you visit the site and give it your personal information the chances are that you will be bombarded with unwanted junk email until hell freezes over."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


mobile security

Parachute's Superlock feature keeps your phone recording in an emergency

2 Jun 2020

K2View innovates in data management with new encryption patent

28 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020

Most Popular


Apple confirms serious bugs in iOS 13.5

4 Jun 2020

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020