Friday, December 26, 2008

Fake Christmas, HolidayGgreetings Spread New Malware over Internet

Fake Christmas, Holiday Greetings Spread New Malware over Internet

New malware is spreading via Christmas and holiday greetings, security researchers said today, a tactic reminiscent of those used last season by the notorious Storm Trojan horse.

Researchers at the Bach Khoa Internetwork Security Center in Hanoi, Vietnam, reported today that a new piece of malware, dubbed "XmasStorm" by the center, is spreading through holiday-themed spam.

Touting subject lines such as "Merry Xmas!" and "Merry Christmas card for you!" the spam includes links to sites that purportedly host electronic greeting cards waiting for the recipients. In fact, the sites are serving up malware that hijacks the visiting PC, then installs a bot that waits for commands from the hacker controllers.

Nguyen Minh Duc, manager of Bach Khoa's application security group, said that XmasStorm originated in China. Hackers have registered at least 75 domain names relating to the malware campaign's holiday theme in the last month, including "superchristmasday.com" and "funnychristmasguide.com." According to WHOIS searches, those domains were registered to a Chinese address on Dec. 1 and Dec. 19, respectively.

"Special occasions such as Christmas and New Year have always been the periods when hackers distribute viruses via fake e-card with malicious code," said Nguyen in an e-mail Wednesday. "Therefore, users should be careful on receiving greeting e-mail from unknown sources for safety's sake."

Similar attacks have been monitored by other researchers, including those at ESET LLC, a Slovakian security company that has offices in San Diego. On Monday, ESET researcher Pierre-Marc Bureau reported a spike in holiday spam that pointed to sites hosting a file named "ecard.exe" that was not, of course, a greeting card, but instead malware.

"The reason this wave has attracted our attention is that it is very similar to the Storm worm attacks we were seeing last year," said Bureau in an e-mail.

Source: Computer World.

Recent Comments