Lycos Anti-Spam Screensaver Inspires Trojan

Even though it's been withdrawn, the Lycos anti-spam screensaver is not forgotten. Rollie Hawk writes "And with this, the 'What's Good for the Goose...' award goes to all those people trying to install that notorious spam-attacking Lycos screen saver but ended up with a Trojan horse instead. This trojan is spreading via email with the subject line 'Be the first to fight spam with Lycos screen saver,' tucked in an innocent-looking file called 'Lycos screensaver to fight spam.zip.' According to F-Secure, this trojan contains keylogger elements but little more has been specified. The only question I have is how long until the 'I promise to clean that trojan disguised as a DDoSing Lycos screen saver.exe' virus gets released."

Futility

[Lonesome+Squash]

Every formal system has its Goedel sentence; every immune system has its HIV. It's the price of complexity.

Of course, that doesn't make formal systems, immune systems, or anti-spam screen savers useless.

Obligatory File Extension Hiding Reminder

[prandal]

When the Windows user has file extension hiding turned on (Microsoft's default), the attachment yohavewon.txt.exe appears to them as youhavewon.txt. It doesn't take much for the malware writer to use the standard windows "text file" icon as the application's icon, and the social engineering attack is complete.

I will not believe that Microsoft takes security seriously until they they issue updates for all their operating systems to disable this misfeature permanently.

Re:Obligatory File Extension Hiding Reminder

[ad0gg]

Apple has the same feature, you can change the icon of an application to mp3 file icon and add a .mp3 extension. Oh wait, this is slashdot, so double standards are allowed.

Btw attachments in outlook or any other email program(that I know of) never cut off the extension. And outlook has stopped recieving .exe,.bat,.scr.,.vbs or any other executable attachment since 2002. Nice try though.