Santa’s Virus Striptease Went Wild on Christmas

SophosLabs' researchers cautioned computer users that hackers distributed an e-mail on the eve of Christmas to attract the web users to a website that contained a malicious striptease based on the theme of Santa Claus.

These e-mails were an attempt to divert Internet users to the same websites that contain images of young women dressed scantily in a Santa suit. According to Sophos, images and the button for "Download for free now!" both connected to an executable identified by Sophos as W32/Dorf-AE (a worm known as Storm too). It is a worm for the Windows Platform.

Graham Cluley, Senior Technology Consultant, Sophos said that though Dorf-AE was disguised, it was not a Christmas gift at all. Those who went to the striptease site were taking the risk of opening their machine to infection and enabling hackers to access their resources and personal information stored on the PC, as reported by infoZine on December 28, 2007.

Cluley added that ruthless attackers and virus authors could launch attack at any time of a year. He warned the computer users should look for unusual e-mails and do not click on any unsolicited links sent in a mail.

According to the news published by Channel Register on December 27, 2007, antivirus firm F-Secure had also warned the users that although site remains attack-free, the deluge of spam is probably a preface for Storm Worm attack on New Year.

The Storm Worm first surfaced in January 2007 in e-mails that guide users to maliciously constructed websites under the guise of messages providing information about storm ravaging Europe at that time.

Over the past year, crackers have become smarter and refined in their duping tactics. E-mails spreading the malware enclose counterfeit links to YouTube. Attackers have also tried to deceive users into visiting maliciously constructed websites through login confirmation spam and fake electronic card receipts.

However, the methods of attack including duping users and bringing them to maliciously constructed websites that are used to load botnet on vulnerable PCs remained the same. Sophos recommends companies to be careful during the holiday season.

» SPAMfighter News - 1/10/2008