F-Secure said Tuesday that the key-logging Trojan steals usernames, passwords, credit card details and e-mail addresses, and travels as an e-mail attachment.
Mikko Hypponen, F-Secure's director of antivirus research, said the recent media attention given to the Lycos Europe "Make love not spam" campaign could be an incentive to open the file.
"The whole case has been full of surprising turns from the beginning," Hypponen said. "Whoever is behind this is someone who felt they were being attacked by Lycos. They are trying to teach people a lesson. A lot of people heard about the screensaver but couldn't download it because the ("Make love not spam") Web site was down. Lots of people would be interested in looking, though."
The subject of the Trojan e-mail reads: "Be the first to fight spam with Lycos screen saver." It comes with an attachment file labeled "Lycos screensaver to fight spam.zip".
Hypponen warned that the Trojan was dangerous if opened, but no more so than other password-stealing malicious software.
On Friday, Lycos Europe terminated its "Make love not spam" screensaver campaign after it was bombarded with criticism that it was attacking spammers' Web sites using denial-of-service-like attacks.
Lycos Europe denied that it had brought down two Web sites hosted in China. It said it had no intention of taking Web sites offline, just of slowing them down to raise the cost of spamming.
Lycos Europe is a separate company from the Web portal that bears the Lycos name in the United States. Lycos Europe claims that it maintains roughly 40 million e-mail accounts in eight European countries.
Dan Ilett of ZDNet UK reported from London.