It’s dÃ©jÃ vu again when Internet scamsters take advantage of the approaching Christmas holidays to entice computer users into opening malicious emails in the guise of holiday promotions or postcards. In the runup to Christmas, every year we see malware authors use varying themes to infect users. And this December is turning out to be no different.
Already into the first week of December, McAfee Avert Labs has observed two active spam campaigns usingÂ malware-laced Christmas themes. The first is a spammed e-greeting that links to an IP address hosting an old school IRC/Bot SFX package. The animated image in the email is taken from a legitimateÂ site while the bait IP address [220.127.116.11] belonging to a compromised web server based in Hong Kong.
The second threat is a new worm christened W32/Xirtem@MM. This worm has a built-in SMTP engine that mass mails copies of itself to email addresses harvested from an infected machine. It uses subjects ranging from Hallmark E-Cards to McDonalds and Coca-Cola Christmas promotions. And to lend authenticity to the email, the images displayed in the spammed email are directly borrowed from the parent websites of Hallmark, McDonalds, and Coca-Cola.
The worm also has the capabilities of spreading via removable storage devices and peer-to-peer networks. Upon execution, it displays the above picture to trick users into believing that it was a harmless image file.
In the coming weeks, these tactics will tend to evolve rapidly, from crude to sophisticated, as spammers increasingly use Christmas based themes to lure victims. With the level of sophistication seen in today’s threats, the malicious payload could easily be hidden within layers of obfuscation or clever social engineering, and could fool even the savviest of users who try to inspect an email before opening. It is therefore imperative that users are educated on how to avoid becoming a victim. Visit the McAfee Security Advice Center to learn all about online and computer safety tips to help you stay protected.