The spammers hope that gullible users would download the so-called "dancing skeleton", which is in fact a malicious package designed to download a new variant of the Storm Worm Trojan on vulnerable computers.
Once infected, the computers become part of the zombie botnets that hackers may use as they please. According to Sophos, you should keep an eye out for emails with the subject lines such as these:
– Happy Halloween
– Dancing Bones
– The most amazing dancing skeleton
– Show this to the kids
– Send this to your friends
– Man this rocks
"This is just the latest incarnation of the poisoned ecard attack (also known as Storm) which has dominated the malware scene for months. The gang responsible are experts at choosing topical disguises or crafting alluring emails that the unwary may find difficult to resist," said Graham Cluley, senior technology of consultant. "What’s even more frightening is that when innocent users click to see the skeleton dance, the site also plays The Vengaboys song ‘Boom boom boom boom’. The good news is that advanced IT security defences are able to stop an attack like this dead in its tracks."