Fake Christmas, holiday greetings spread new malwareDecember 25, 2008 – 7:34 AM
New malware is spreading via Christmas and holiday greetings, security researchers said today, a tactic reminiscent of those used last season by the notorious Storm Trojan horse.
Researchers at the Bach Khoa Internetwork Security Center in Hanoi, Vietnam reported today that a new piece of malware, dubbed “XmasStorm” by the center, is spreading through holiday-themed spam.
Touting subject lines such as “Merry Xmas!” and “Merry Christmas card for you!”, the spam includes links to sites that purportedly host electronic greeting cards waiting for the recipients. In fact, the sites are serving up malware that hijacks the visiting PC, then installs a bot which waits for commands from the hacker controllers.
Nguyen Minh Duc, the manager of Bach Khoa’s application security group, said that XmasStorm originated in China. Hackers have registered at least 75 domain names relating to the malware campaign’s holiday theme in the last month, including “superchristmasday.com” and “funnychristmasguide.com.” According to WHOIS searches, those domains were registered to a Chinese address on Dec. 1 and Dec. 19, respectively.