Websense has identified a spam postcard campaign that uses Christmas as a lure.


The Websense Security Labs ThreatSeeker network identified the campaign, which uses email messages in the form of e-greetings that lead to supposed animated postcards. As many would suspect, though, the link does not lead to a Christmas card, but instead to a Trojan backdoor that has been distributed in previous malicious spam campaigns.


The company claimed that each message contains a URL that leads to a malicious file called postcard.exe, which is hosted on various servers, including those in the .com TLD space.
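
A mail-gateway style check for the delivery step described above, added here as an example and not taken from Websense: it flags links in a message body whose path ends in an executable extension. The sample message, the cards.example host and the extension list are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumed list of extensions Windows runs directly; extend to suit local policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

# Constructed sample message; cards.example is a placeholder host.
SAMPLE = """\
From: greetings@cards.example
Subject: You have received a Christmas e-card
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

View your animated postcard: http://cards.example/xmas/postcard.exe.

--b1
Content-Type: text/html; charset="us-ascii"

<a href="http://cards.example/xmas/postcard.exe">Click to view your card</a>
<img src="http://cards.example/xmas/banner.jpg">
--b1--
"""

def executable_links(raw_message):
    """Return unique URLs in text parts whose path ends in an executable extension."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        # URLs are ASCII, so a lossy UTF-8 decode is enough to find them.
        text = payload.decode("utf-8", errors="replace")
        for url in URL_RE.findall(text):
            url = url.rstrip(".,;:)!?")  # drop sentence punctuation after the link
            try:
                path = urlsplit(url).path.lower()
            except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
                continue
            if path.endswith(EXECUTABLE_EXTS) and url not in hits:
                hits.append(url)
    return hits

if __name__ == "__main__":
    print(executable_links(SAMPLE))
```

The check looks only at the URL path, so a download script that names the file in its query string would need a separate rule.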


Once executed, the file creates a backdoor that gives the malware author access to and control over the resources of the compromised machine. Control is conducted over IRC, communicating with ircserver.*snip*.la. During the install process, an image called xmas.jpg is displayed to the user as a distraction technique.


Writing on the Security Watchdog blog, David Neal said: “If downloaded, this creates a backdoor on their computer which allows access to and control of the compromised machine, and all this from a Christmas message celebrating the season of goodwill.


However, it's difficult to not be dismayed with the type of person who would be conned by such a virus. It's amazing the impact a picture of some elves in Santa's grotto can have on IT security best practice.”