Christmas tactics already being used in spam campaigns

News by Dan Raywood

Websense has identified a spam postcard campaign that is using Christmas as a tactic.

Websense has identified a spam postcard campaign that is using Christmas as a tactic.

 

The Websense Security Labs ThreatSeeker network identified the campaign that uses email messages in the form of e-greetings that leads to supposed animated postcards. As many would suspect though, this does not lead to a Christmas card, but instead to a Trojan backdoor that has been distributed in previous malicious spam campaigns.

 

The company claimed that the email messages have a URL link within the email that leads to a malicious file called postcard.exe that hosted on various servers, including those in the .com TLD space.

 

Once executed, a backdoor is created by the malware author enabling access and control over the resources of the compromised machine. Control is conducted over IRC, communicating with ircserver.*snip*.la. During the install process, an image called xmas.jpg is displayed to the user as a distraction technique.

 

Writing on the Security Watchdog blog, David Neal said: “If downloaded, this creates a backdoor on their computer which allows access to and control of the compromised machine, and all this from a Christmas message celebrating the season of goodwill.

 

However, it's difficult to not be dismayed with the type of person who would be conned by such a virus. It's amazing the impact a picture of some elves in Santa's grotto can have on IT security best practice.”

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events