Security company Sophos discovered a Halloween spam campaign which attempts to redirect the users to malicious websites 'equipped' with dangerous files. The spam messages can be easily identified using their subjects: 'Happy Halloween', 'Dancing Bones', 'The most amazing dancing skeleton', 'Shows this to the kids', 'Send this to your friends' or 'Man this rocks'. According to the reports, the messages require the users to visit a malicious website in order to download a dancing skeleton game but instead of saving the Halloween content, they actually get a Trojan horse. The interesting fact is that the infected file gives the attackers the possibility to control the affected computer from any system connected to the Internet.

"This is just the latest incarnation of the poisoned ecard attack (also known as Storm) which has dominated the malware scene for months. The gang responsible are experts at choosing topical disguises or crafting alluring emails that the unwary may find difficult to resist," said Graham Cluley, senior technology of consultant. "What's even more frightening is that when innocent users click to see the skeleton dance, the site also plays The Vengaboys song 'Boom boom boom boom'. The good news is that advanced IT security defences are able to stop an attack like this dead in its tracks."

There's not much to do to avoid getting infected with the Halloween file because you can always adopt the traditional methods which are supposed to protect you from dangerous content. That's why I recommend you to avoid clicking on the messages related to Halloween and coming from untrusted sources as well as downloading files from unknown websites delivered by email. In addition, you can update the database of your security solution to the latest version in order to detect a potential Trojan horse which might attempt to install on your computer.