The e-mails, which are being seen in inboxes worldwide, claim that the recipient has been sent a screensaver by a friend and tells the user to open the attachment (called bsaver.zip).
The e-mails used in the malicious spam campaign contain misspelled phrasing such as "Good morning/evening, man! Realy cool screensaver in your attachment!" and use a variety of subject lines including:
Life is beautiful
Life will be better
Good summer
help you
Clicking on the file contained inside the ZIP attachment infects users with the Troj/Agent-FZB Trojan horse, which drops two rootkits to try and hide from security software.
"If you receive an unsolicited e-mail with an encouragement to run the 'cool screensaver' attached then alarm bells should instantly be ringing in your head," said Graham Cluley, senior technology consultant at Sophos. "Hackers are using a mixture of social engineering and stealth-mode rootkits to try and take advantage of Windows users who forget to think before they click."
"Rootkits are software frequently used by third parties -- usually a hacker -- to hide other software and processes using advanced stealth techniques. Malicious code, such as spyware and keyloggers, can be invisibly cloaked from detection by conventional security products or the operating system making them hard to detect," explained Cluley.
