The widely spammed email teaser promises a trailer for Pirates of the Caribbean 3: At World's End and the chance to get free tickets.
"There is no film preview and there are no free tickets," said Graham Cluley, senior technology consultant at Sophos.
"The only thing that this email is trailing is an attack wave of malicious code against your PC."
The email, which contains the familiar skull-and-crossbones logo of the popular film franchise, uses the Troj/Yar-A Trojan.
Cluley said that, once a computer is compromised by the malware, hackers would be able to steal information for identity theft and other crimes.
Anyone running the attachment is shown a fake error message, at which point the Trojan disables antivirus software and downloads malicious code from the internet.
Cluley warned that using social engineering such as a big movie release to spread malicious code is a common trick used by hackers and spammers.
"Computer users who do not take care about what they run on their PC, and believe every email they are sent, could be heading for stormy waters," he said.
"If you want to see the latest Hollywood blockbuster book your ticket at the local cinema rather than clicking on a file sent to you out of the blue."
Pirates of the Caribbean spam spreading
By Matt Chapman on May 28, 2007 6:20AM