Be careful opening bikini screensavers – malware hides inside

Graham Cluley
Graham Cluley
@[email protected]

Bikini. Image from ShutterstockCybercriminals have spammed out a malicious Trojan horse, via an email claiming to offer season’s greetings and photographs of a woman wearing a bikini.

As many people return to their desks following the holiday break, there is a danger that they will find a dangerous email lurking inside their inbox alongside the regular mountain of spam.

In the following example, intercepted by SophosLabs, the malicious email claims to come from Selma. (Or is it Gretchen?)

Malicious email with bikini screensaver attached

Sign up to our free newsletter.
Security news, advice, and tips.


Ciao mia cara!
Come stai? Come promesso, ecco le mie foto bikini. Spero che sarà love it!
Questo è il mio umile dono per il nuovo anno! Ci vediamo più tardi :)
Il tuo amore Selma
01.01.2013 16:04:43

Here’s another example, claiming to be a belated Christmas greeting:

Malicious email with bikini screensaver attached

Subject: Merry Christmas

Hello my dear!!!
How are you? As I promised, here's my bikini photos. I hope you will be love it!
This is my humble gift for Christmas! See you later :)
Your love Ciara

Although the emails are written in different languages (in the above examples, Italian and then English) the message is the same – here are the photographs of me wearing a bikini that I promised you.

Attached to the emails is a file called, which contains a suspicious Windows screensaver – Bikini.scr, which contains a variety of encrypted strings.

Of course, a screensaver (.SCR) file is executable – so running the program can put your computer at risk.

Sophos products are being updated to detect the malware as the Troj/Agent-ZMO Trojan horse, but my advice would be to always be careful opening bikini screensavers, especially when they arrive via unsolicited emails from people you don’t know.

Bikini image from Shutterstock.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.