Christmas tactics already being used in spam campaigns

News by Dan Raywood

Websense has identified a spam postcard campaign that is using Christmas as a tactic.


The Websense Security Labs ThreatSeeker network identified the campaign, which uses email messages in the form of e-greetings that lead to supposed animated postcards. As many would suspect, though, the link does not lead to a Christmas card but to a Trojan backdoor that has been distributed in previous malicious spam campaigns.


The company claimed that each email message contains a URL link that leads to a malicious file called postcard.exe, which is hosted on various servers, including those in the .com TLD space.
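A mail-filter check for the lure described above, as an added example that is not from Websense or the original article: it parses a message and reports any body link whose path ends in an executable extension. The function name, extension list, and both sample messages (using reserved example.com/example.net hosts) are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit, unquote

# Assumed list of extensions Windows runs directly when a download is opened.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".bat", ".cmd")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def executable_links(raw_message):
    """Return sorted body URLs whose path (not query) ends in an executable extension."""
    msg = message_from_string(raw_message)
    hits = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            url = url.rstrip(".,)")  # drop trailing sentence punctuation
            # Check the decoded path only, so "?id=..." cannot hide the extension.
            path = unquote(urlsplit(url).path).lower()
            if path.endswith(EXECUTABLE_EXTS):
                hits.add(url)
    return sorted(hits)

# Constructed sample: an e-greeting whose "card" links are executables.
SAMPLE_LURE = (
    "From: greetings@cards.example.com\n"
    "Subject: You have received a Christmas e-card\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    "<p>A friend sent you an animated postcard.</p>\n"
    '<a href="http://cards.example.com/xmas/postcard.exe">View your card</a>\n'
    '<a href="http://mirror.example.net/dl/postcard.exe?u=42">Mirror</a>\n'
)

# Constructed sample: an e-greeting that links to a web page, not a binary.
SAMPLE_BENIGN = (
    "From: greetings@cards.example.com\n"
    "Subject: You have received a Christmas e-card\n"
    "Content-Type: text/plain\n"
    "\n"
    "View it at http://cards.example.com/view?id=1234.\n"
)

if __name__ == "__main__":
    print(executable_links(SAMPLE_LURE))
    print(executable_links(SAMPLE_BENIGN))
```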


Once executed, the malware creates a backdoor that gives its author access to and control over the resources of the compromised machine. Control is conducted over IRC, communicating with ircserver.*snip*.la. During the install process, an image called xmas.jpg is displayed to the user as a distraction technique.


Writing on the Security Watchdog blog, David Neal said: “If downloaded, this creates a backdoor on their computer which allows access to and control of the compromised machine, and all this from a Christmas message celebrating the season of goodwill.


However, it's difficult to not be dismayed with the type of person who would be conned by such a virus. It's amazing the impact a picture of some elves in Santa's grotto can have on IT security best practice.”

