Beware Thanksgiving screensavers designed to infect your PC with malware

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

ThanksgivingMillions of Americans are preparing to celebrate Thanksgiving with their families and friends.

And some might be allowing their computers help spread some festive cheer, by playing holiday tunes and – perhaps – installing Thanksgiving screensavers.

Well, hold your horses, easy on the gravy and take the mashed potato off the hotplate..

That Thanksgiving screensaver that you just downloaded from the net may not be entirely safe.

Sign up to our free newsletter.
Security news, advice, and tips.

For instance, here’s a Thanksgiving screensaver that we analysed in our labs in the last 24 hours.

The filename looks innocuous enough: Thanksgiving Day.scr

And, judging by the screenshots that it displays on your screen, it’s suitably cheesie Thanksgiving fare:

Images displayed by Thanksgiving screensaver

But behind the scenes, while you are being presented with a slideshow, the screensaver is silently connecting to a website and attempting to download malicious code, allowing malicious hackers to take remote control of your computer.

Section of code, downloading further content from the net

The malware also drops a new DLL, called ssheay.dll, which poses as an Add-in for Outlook. A link to the DLL is added into the Registry, ensuring that the code is run automatically each time the computer is started.

Sophos products detect the malware as the Troj/DwnLdr-KJW Trojan horse.

The lesson, of course, is not to trust every program that you run into on the net, and think twice before installing code of dubious provenance. Don’t think you can take a short cut and not worry about computer security just because it’s Thanksgiving.

If you’re celebrating Thanksgiving, please look after yourself, your friends, and your computers. Do yourself and your friends a favour by ensuring that anti-virus software is up-to-date and your computers are properly patched against the latest security flaws.

If you haven’t already done so, check out some of the free security tools that Sophos makes available.

Best wishes from all of us at Naked Security and Sophos.

Thanks to Zoe in SophosLabs UK for assisting with this article.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.