About a week after Lycos Europe stirred spammers with its anti-spam screensaver, hackers continue to attack the brand, this time with an e-mail that pretends to be Lycos offering the screensaver but which actually is a trojan.
Lycos Europe withdrew its controversial screensaver, which replied to unwanted spam with a denial-of-service attack, late last week.
The new malware-containing e-mail comes with a subject line that reads, “Be the first to fight spam with Lycos screen saver” and includes a file attachment that reads: “Lycos screensaver to fight spam.zip.”
According to antivirus company F-Secure, the file inside the attachment is not the Lycos “Make Love Not Spam” screensaver. Instead, it’s a RAR SFX archive.
The Trojan has an embedded keystroke logger that can be used to steal personal information, such as user names and passwords.
Ken Dunham, the director of malicious code research at iDefense, a Reston, Virginia-based threat intelligence firm, told the E-Commerce Times that this demonstrates new and increasing problems caused by spam.
“The sheer prevalence of spam and the convergence of malicious code and spam has really changed the face of threats as we see them today,” he said. “It’s not uncommon these days to see new applications are masquerading as something legitimate and being sent through spam.”
Dunham predicts the problem with worms and bugs will only grow worse in 2005 as attackers get more sophisticated and leverage a combination of spam, viruses and hacking to perpetrate their crime.
“We’ve found that 60 to 70 percent or more of peer-to-peer downloads are actually malicious code,” Dunham said. “They often look like pornography applications or antivirus software, and you think you are getting a good deal on something. You run it and the next thing you know, it’s a Trojan.”
Make Love, Not Spam
Perhaps ironically, Lycos Europe seems to have started an all-out war with its “Make Love, Not Spam” anti-spam program. However, Dunham said that although anti-spam groups are fighting the unsolicited e-mail as if it were a war, ethics should still apply to measures and counter measures.
“It’s one thing if you are engaged in battle against an enemy in a military effort by a government,” Dunham said. “It’s another thing when everybody is doing what is right in their own eyes and crossing over into these gray areas of security practices or techniques that should or should not be employed. The courts will have to tell us eventually what is right and what is wrong.”