"This is another example of social engineering in action. Malware creators try to entice users into infecting themselves. For this reason, users should always be cautious and not even open messages from unknown senders, no matter how tempted or curious they are," advises Luis Corrons, technical director of PandaLabs.
The mail includes two links that supposedly point to trailers. However, if users click on them, they are really downloading Pirabbean.A.
"Of course, there are no tickets," warns Paul Ducklin, Head of Technology, Asia Pacific, at Sophos. "And there is no film trailer -- just a malicious program which tries to download further malware from the internet. Remember: if an e-mail sounds too good to be true, then you can safely assume that it isn't true."
When the Trojan is run, it shows an error message. This claims that there has been a problem playing the trailer as the computer does not have the necessary codec, and users are advised to visit the film's official Web site.
"If after clicking on the link nothing happened, users would be suspicious. So in this way, the Trojan hides its malicious action and prevents users from checking whether they are infected," explains Corrons.
Pirabbean.A is also designed to download a dialer, detected as Dialer.KGC. As with all dialers, it is designed to switch the dial-up Internet connection to a premium rate number.
The Trojan also edits some Internet Explorer settings, adding two URLs to the Favorites. If users visit these pages, they will be infected with other dialers.
Ducklin reminds users that there is an easy solution to the risks posed by unknown or unlikely e-mails: "Don't try, don't buy, don't click, don't reply!"
