MoMusings

Random ramblings and musings about all things malware and related net-nasties...

Monday, 10 March 2008

3D Screensaver E-mails?

This morning I started to receive e-mails offering me screensavers. I immediately smelt a rat, well at least a malware author, anyway! ;-)

So, I took a look at it in more detail; here's a screenshot of one of the e-mails:



I clicked on the link to see where I'd end up, and you can see what I found, below:



Looks like a very professional and polished website offering 3D Screensavers; very believable, isn't it?

So, I clicked on one of the links offered and I ended up here:



Still very believable, so I proceeded to download a copy of the screensaver offered, so that I could analyse it [you didn't think I was actually going to install it, did you? ;-)].

Will you be surprised to learn that the results of my analysis showed that this wasn't a screensaver at all, but a piece of malware? I then proceeded to download several other samples from the other selections offered, and the resulting files, although having different names, were all the same size [18,944 bytes], had the same MD5 hash value [which means they are all effectively identical internally], and were not being detected by a number of anti-malware tools.

At the time of posting, the files I downloaded from the site were named "Screensaver-66713.scr", "Screensaver-8719.scr" and "Screensaver-83580.scr". This may of course change, and there are certainly others with different filenames being offered.
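The comparison described above (different names, same size, same hash) can be scripted for any batch of downloads. The following is an added example, not code from the original post: the payload bytes are a constructed stand-in padded to the 18,944 bytes quoted above, and the function names, the extra `readme.txt` entry and the SHA-256 cross-check are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

def fingerprint(data: bytes) -> tuple:
    """Return (size, MD5, SHA-256, looks_like_pe) for one sample."""
    return (
        len(data),
        hashlib.md5(data).hexdigest(),     # MD5 only because the post used it
        hashlib.sha256(data).hexdigest(),  # collision-resistant cross-check
        data[:2] == b"MZ",                 # .scr files are ordinary Windows executables
    )

def cluster_samples(samples: dict) -> dict:
    """Group filenames by content fingerprint, ignoring the names themselves."""
    clusters = defaultdict(list)
    for name, data in samples.items():
        clusters[fingerprint(data)].append(name)
    return {fp: sorted(names) for fp, names in clusters.items()}

def renamed_copies(samples: dict) -> list:
    """Return clusters where one payload is served under several names."""
    return [
        {"size": fp[0], "md5": fp[1], "sha256": fp[2],
         "executable": fp[3], "names": names}
        for fp, names in cluster_samples(samples).items()
        if len(names) > 1
    ]

# Constructed stand-in payload: 'MZ' header padded to the 18,944 bytes from the post.
# It is NOT the real sample, so its hashes are not indicators of compromise.
FAKE_PAYLOAD = b"MZ" + b"\x00" * (18944 - 2)

# Constructed download set: filenames from the post plus one unrelated file.
SAMPLES = {
    "Screensaver-66713.scr": FAKE_PAYLOAD,
    "Screensaver-8719.scr": FAKE_PAYLOAD,
    "Screensaver-83580.scr": FAKE_PAYLOAD,
    "readme.txt": b"constructed benign text file\n",
}

if __name__ == "__main__":
    for c in renamed_copies(SAMPLES):
        kind = "executable" if c["executable"] else "non-executable"
        print(f"{len(c['names'])} names, one {kind} payload of {c['size']} bytes")
        print(f"  md5={c['md5']} sha256={c['sha256']}")
        for n in c["names"]:
            print(f"  {n}")
```

Because the grouping key is the content rather than the filename, a block or detection rule built on the hash covers every renamed copy at once.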

If you see an e-mail like the one shown above, simply delete it; otherwise you will infect your computer, rather than save its screen.

Hopefully by the end of today most anti-malware vendors should have updated their products to detect it.

So, in those immortal words, "Be careful out there...."
