Hackers using Screensaver to Download Trojan, Rootkits
Sophos is warning about an emerging email spam campaign in which the attachment appears to be a screensaver but is actually designed to download a Trojan horse and rootkits onto compromised Windows computers.
These emails can be found in many inboxes worldwide. They say that a screensaver has been sent by a pal and direct the user to click on the attachment (known as bsaver.zip) to view it.
According to Sophos, the spam emails carry taglines such as "Life is beautiful", "Good morning/ Good evening, man, really cool screensaver in your attachment", "Life will be better", and "Good Summer help you". In reality, the file hosts a Trojan-Downloader: W32/Agent.EXJ.
According to Sophos, the ZIP attachment can infect the user's system with the Trojan horse Agent-FZB. This Trojan horse also installs two rootkits in order to conceal itself from filters and/or security software. The Trojan specifically infects the Windows platform. Once Troj/Agent-FZB is downloaded onto the system, it creates various malicious files, which are used to stealthily provide information to the Trojan.
Sophos' senior technology consultant, Graham Cluley, said that a user who receives an illegitimate email from an anonymous sender prompting him to open an attached 'cool screensaver' should be on alert. He added that hackers these days are employing stealth-mode rootkits and social engineering to dupe innocent users who do not think at all before clicking on the email, as per the news by Sophos on July 27, 2007.
Cluley also said that malicious code, such as keyloggers and spyware, could easily escape security operators, making its detection more difficult. He continued that because hackers use this rootkit technology to gain access to an infected PC without the user's knowledge, it becomes all the more critical to be properly defended against such security threats.
Sophos officials have suggested that users keep their antivirus software up to date and have warned them not to open any unidentified emails. They also advised users to install anti-rootkit utilities to safeguard their PCs from this upcoming email spam campaign.
» SPAMfighter News - 04-08-2007