The malicious element opens a backdoor for cybercriminals

Nov 22, 2012 14:37 GMT

Users who want to install a Thanksgiving Day screensaver to help them get into the holiday spirit are advised to be careful where they download it from, since malicious software masquerading as one is making the rounds.

Sophos experts have come across a screensaver called “Thanksgiving Day.scr” that appears to be harmless at first sight. However, while the user is viewing a holiday slideshow, in the background, the malware connects to a server and attempts to download malicious code.

Besides opening a backdoor to allow the attacker to gain control of the infected computer, the threat also drops a DLL file called ssheay.dll, which poses as an Add-in for Outlook.

Then, a new registry entry is created to ensure that the malware (Troj/DwnLdr-KJW) is executed each time the computer starts.
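For responders checking a machine for this kind of persistence, the following added example (not from Sophos or the original article) parses `reg query` output and flags autorun values that reference the two file names reported above or that launch any `.scr` file. The Run/RunOnce key locations and the sample data are assumptions, since the article does not say which registry key the malware writes.

```python
import re

# File names reported in the article; matching is case-insensitive.
NAMED_FILES = ("thanksgiving day.scr", "ssheay.dll")
# Assumption: the standard Run/RunOnce autorun keys (the article names no key).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample of `reg query` output; value names, paths and the
# rundll32 command line are invented for illustration.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    HolidayShow    REG_SZ    "C:\Users\alice\AppData\Roaming\Thanksgiving Day.scr" /s
    OutlookHelper    REG_SZ    rundll32.exe "C:\Users\alice\AppData\Roaming\ssheay.dll",Start

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
    Notes    REG_SZ    C:\Temp\photo.scr
"""

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` style output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key:
            m = VALUE_LINE.match(line)
            if m:
                yield key, m["name"], m["data"]

def flag_autoruns(text):
    """Return (value_name, reasons) for suspicious values under autorun keys."""
    hits = []
    for key, name, data in parse_reg_query(text):
        if not RUN_KEY.search(key):
            continue  # only values that execute at logon or startup
        lowered = data.lower()
        reasons = [f"references {f}" for f in NAMED_FILES if f in lowered]
        if re.search(r"\.scr\b", lowered):
            reasons.append("screensaver (.scr is an executable) set to autorun")
        if reasons:
            hits.append((name, reasons))
    return hits

if __name__ == "__main__":
    for name, reasons in flag_autoruns(SAMPLE):
        print(name, "->", "; ".join(reasons))
```

A file-name match is only a lead: the names can be changed trivially, so any hit should be confirmed with an up-to-date anti-malware scan of the referenced file.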

Beware of emails and social media posts that advertise such screensavers. It’s likely that, in the upcoming hours, this particular campaign will intensify.