Lycos email scam hides nasty Trojan

A malicious email purporting to offer a link to download Lycos' controversial spam busting screensaver is infecting users with a Trojan - proving that the fall out from the botched and now ditched service will continue to cause users pain.

The email, subject line "Be the first to fight spam with Lycos screen saver", includes a link which, when clicked, installs a Trojan on the infected PC, potentially surrendering control of that PC to the hacker behind the email scam.

The file attachment appears as 'Lycos screensaver to fight spam.zip' and as well as the Trojan the payload also contains a keystroke logger which notifies an Indonesian email address of its status.

Keystroke loggers are typically used to steal information such as usernames and passwords.

Graham Cluley, senior technology consultant at Sophos, said: "Recipients are encouraged to think they are volunteering for an anti-spam campaign when, in actual fact, they are unwittingly sending off confidential information to an unknown third party."

"The information could be used to find out a recipient's usernames and passwords for online banks or shops," he added.

Perhaps the cruellest irony of it being Lycos' ill-considered anti-spam initiative which is being abused is the fact machines which are infected by Trojans in this way are often used to send large volumes of spam.

Networks of these compromised machines - or botnets - are rented out to spammers by the gangs who control them. According to Paul Wood, chief information analyst at MessageLabs, such botnet capacity can be rented out for around $10 per hour and "provides enough combined computing power and bandwidth to spam almost every email address imaginable".

Yesterday silicon.com questioned whether the hastily scrapped service may actually have further empowered the spammers and today's news heaps further blame on Lycos who appears to have unwittingly breathed new life into spam campaigns and virus writing.