The malware author is presenting the user with an .exe that includes the search terms in the name hoping the user will download and run it. Appended to the search term is the phrase "to-play" and a version number. Due to the term "to-play", Blue Coat believes the malware author's original intent was to target searches for Halloween music. Other malicious query results detected by Blue Coat include:
Regis-and-kelly-hallween-show-2009-to-play-40064 office-appropriate-halloween-costumes-to-play.40064.exe scary-halloween-signs-to-play.40064.exe halloween-games-printables-for-teens-to-play.40064.exe
It is important to note that these file names are always constructed based on the original search terms so they will change search by search and the malware author could change the appended text and version number.
Once downloaded, the application executes connections to other sites in order to download more malware allowing the malware author to continue with his intended plan. At this time little is known about the malware other than it is 102kb in size and its primary function is to download other malware.
To avoid falling prey, a few steps can be taken. First, if you are searching for music an .exe file is probably not the type of file you expect, so disregard and do not download it. Next, in this case, the phrase "to-play" is always added to the file name, avoid those downloads.
At the time of detection by Blue Coat, no anti-virus vendor identified the binary as malware. Sophos has since updated their signatures and identified this as a variant to the week old Mal/Krap.A.
Blue Coat suspects this is a sign of things to come as we enter the Christmas and New Year holidays. As people search for new toys, new year party ideas, and other related terms, they believe we will see more targeted threats and downloads named to trick the end user.
Make it a happy Halloween and do not be fooled by these tricksters. This warning is a Halloween treat from Blue Coat and InformationWeek.