Researchers from F-Secure have warned of a handful of just-discovered malicious files posing as Christmas and New Year's Day greetings.
One New Year's scam is part of a new spam run distributing the Warezov worm. Using a fake "Happy New Year" greeting, the scam emails contain a malicious attachment, postcard.zip, and urge recipients to click on the file to view a "holiday postcard."
Once downloaded, Trojan-Downloader.Win32.Small.edn connects to www6[dot]easeruikingandefunjs[dot]com and downloads a Warezov variant, according to a post on F-Secure's blog by Mikko Hypponen, chief research officer.
Hypponen said a backdoor trojan named Christmas_Puzzle.exe is posing as a holiday-themed jigsaw puzzle game. F-Secure has named the malware Trojan.Spy.Win32.Ardamax.e.
F-Secure also warned of a malicious PowerPoint file named Christmas+Blessing-4.ppt, which uses a flaw in Office that Microsoft patched in March to drop and execute two embedded programs. The malware poses as a Christmas-themed slideshow.
Another malicious file, named CHRISTMAS.EXE by F-Secure, is an IRCBot variant that attempts to download numerous malicious executables from waiguadown[dot]008[dot]net and user[dot]free[dot]77169[dot]net. The malicious file poses as a winter-themed image with English- and Chinese-language holiday greetings.
A yearly trend, spammers are using the holiday season to spike levels of unwanted emails.
A November report from MessageLabs found that the SpamThru trojan and Warezov were largely responsible for a rise in spam just before the holiday season.
Click here to email Online Editor Frank Washkuch Jr.
New Year's, Christmas malware targeting inboxes
By Frank Washkuch on Dec 27, 2006 5:03PM