We’ve seen all sorts of stuff being advertised by spam, from the salacious to the more innocent. Falling into this latter category is a recent type of spammed email message that our spam traps have caught: those advertising free screensavers (as shown below).
That may not sound harmful at all, but when one clicks on the link within the message, he/she is led to a Web site that entices him/her to download a free screensaver. Here’s a screenshot of the said site:
Again, there’s no harm in that, right? Wrong.
When a user chooses to download a screensaver from those offered by the legitimate-looking site, he/she is actually downloading a malicious file onto his/her system.
The said file is detected by Trend Micro as WORM_SOCKS.D.
Information and screenshots provided by Content Security Team