New Year's, Christmas malware targeting inboxes

News by Frank Washkuch Jr.

Email users are again getting the electronic age's version of coal in a stocking - holiday-season spam and malware.

Email users are again getting the electronic age's version of coal in a stocking - holiday-season spam and malware.

Researchers from F-Secure have warned of a handful of just-discovered malicious files posing as Christmas and New Year's Day greetings.

One New Year's scam is part of a new spam run distributing the Warezov worm. Using a fake "Happy New Year" greeting, the scam emails contain a malicious attachment,, and urge recipients to click on the file to view a "holiday postcard."

Once downloaded, Trojan-Downloader.Win32.Small.edn connects to www6[dot]easeruikingandefunjs[dot]com and downloads a Warezov variant, according to a post on F-Secure's blog by Mikko Hypponen, chief research officer.

Hypponen said a backdoor trojan named Christmas_Puzzle.exe is posing as a holiday-themed jigsaw puzzle game. F-Secure has named the malware Trojan.Spy.Win32.Ardamax.e.

F-Secure also warned of a malicious PowerPoint file named Christmas+Blessing-4.ppt, which uses a flaw in Office that Microsoft patched in March to drop and execute two embedded programs. The malware poses as a Christmas-themed slideshow.

Another malicious file, named CHRISTMAS.EXE by F-Secure, is an IRCBot variant that attempts to download numerous malicious executables from waiguadown[dot]008[dot]net and user[dot]free[dot]77169[dot]net. The malicious file poses as a winter-themed image with English- and Chinese-language holiday greetings.

A yearly trend, spammers are using the holiday season to spike levels of unwanted emails.

A November report from MessageLabs found that the SpamThru trojan and Warezov were largely responsible for a rise in spam just before the holiday season.

Click here to email Online Editor Frank Washkuch Jr.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike