IT security and control firm Sophos has warned that a cyber criminal gang is attempting to hijack the Halloween festivities to infect the PCs of innocent computer users.
Malicious spam emails sent across the internet direct internet users to a Halloween-themed website offering a download of a dancing skeleton game, but really designed to install a Trojan horse that gives hackers remote access to the PC.
Emails containing the malicious links have a variety of subject lines including the following:
The most amazing dancing skeleton
Show this to the kids
Send this to your friends
Man this rocks
"This is just the latest incarnation of the poisoned ecard attack (also known as Storm) which has dominated the malware scene for months. The gang responsible are experts at choosing topical disguises or crafting alluring emails that the unwary may find difficult to resist," said Graham Cluley, senior technology of consultant. "What's even more frightening is that when innocent users click to see the skeleton dance, the site also plays The Vengaboys song 'Boom boom boom boom'. The good news is that advanced IT security defences are able to stop an attack like this dead in its tracks."
Sophos experts note that this is not the first time that the gang behind the current attack have used festivities to spread their malware. In July, the hackers sent round messages posing as American Independence Day greetings and distributed malicious "Happy Labor Day" messages in September.