Security threats Toolkit

Trojan poses as fake Lycos screensaver

Dan Ilet ZDNet.co.uk

Published: 07 Dec 2004 12:00 GMT

An identity-stealing email Trojan that disguises itself as the Lycos anti-spam screensaver is being distributed around the Internet.

According to antivirus company F-Secure, the key-logging Trojan steals usernames, passwords, credit card details and email addresses and travels as an email attachment.

Mikko Hyppönen, F-Secure's director of antivirus research, said that the recent attention from the Lycos story could be an incentive to open the file.

"The whole case has been full of surprising turns from the beginning," said Hyppönen. "Whoever is behind this is someone who felt they were being attacked by Lycos. They are trying to teach people a lesson. A lot of people heard about the screensaver but couldn't download it because the ["Make love not spam"] Web site was down. Lots of people would be interested in looking though."

The subject of the email read: "Be the first to fight spam with Lycos screen saver", with an attachment file labelled: "Lycos screensaver to fight spam.zip".

Hyppönen warned that the Trojan was dangerous if opened, but no more so than other password-stealing malware.

On Friday, Lycos terminated its "Make Love Not Spam" screen saver campaign after it was bombarded with criticism for attacking spammers' Web sites using denial-of-service-like attacks.

Lycos also denied it took brought down two Web sites hosted in China after it claimed it had no intention taking Web sites offline, just slowing them down to raise the cost of spamming.