Xmas Malware Arrived with New Year’s Spyware
F-Secure, the firm specializing in computer security, had found several pieces of malware that were spreading across the Internet worldwide in the guise of Christmas cards. The greeting card links in the e-mails were disguised and led to a bogus Yahoo! greeting card website that ran simultaneously with greetings from America.
The site instructed the visitor to click the URLs contained in the e-mail, after which a fake website opened that urged the user to download a new file in the Adobe Flash Player format. The file was actually malware called 'macromedia-flashplayerupdate.exe', which F-Secure had detected as a variant of Agent.
According to Srikiran Raghavan, a cyber security expert, as soon as the malware was installed, it collated all of the user's keystrokes in a fresh file and sent it to a remote hacker. Raghavan described the situation as the New Year's spyware joining Xmas malware. Economictimes reported this on December 20, 2007.
F-Secure also warned that a spammer was flooding inboxes with New Year greeting e-mails containing a 'HappyNewYear.exe' file, a new spam campaign that was raising concern.
When the file was run, the malware placed a beautiful Christmas tree studded with colorful balls and stars on the user's desktop. But this apparently harmless Christmas tree began to steal passwords along with other sensitive information from the victim's system and sent them to the lbss.3322.org site.
Senior Security Specialist Patrik Runald at F-Secure Security Labs, APAC, said that the wide acceptance of e-cards provides fertile ground for writers of malicious code. Spammers have long been known for attempting to entice people with emotional lures such as e-cards. Users are therefore advised to be cautious of dubious e-mails and to maintain updated anti-virus software. They could also use removal tools to manually delete an .exe file. Techwhack reported this on December 19, 2007.
In another instance, when users clicked a link for the card, a cash gift popped up as well. But then the card asked for confirmation of the recipient's personal information to deliver the cash. This suggests that, as a safety measure, recipients of greeting card e-mails should confirm with the sender that the person actually e-mailed the card.
» SPAMfighter News - 04-01-2008