Opening a Christmas e-card could also trigger a Trojan installation on your PC, a team of security experts have warned.
A new form of malware is spreading via Christmas and holiday greetings according security researchers at the Hanoi University of Technology, Vietnam claimed using a tactic reminiscent of those previously used by the notorious Storm Trojan horse.
Researchers at the Bach Khoa Internetwork Security Center at the University reported that a new piece of malware, dubbed “XmasStorm” by the centre is spreading through holiday-themed spam.
Touting subject lines such as “Merry Xmas!” and “Merry Christmas card for you!” the spam includes links to sites that purportedly host electronic greeting cards waiting for the recipients. When the unsuspecting user lands on the malicious site, software is installed that hijacks the visiting PC, and installs a bot that waits for commands from the hacker controllers.
Nguyen Minh Duc, manager of Bach Khoa’s application security group, said that XmasStorm originated in China, with at least 75 registered domain names relating to the malware campaign’s holiday theme, including “superchristmasday.com” and “funnychristmasguide.com.”
He added that special occasions, such as Christmas, give hackers an ideal opportunity to spread malware via “e-cards”. The issue also highlights the importance of keeping up-to-date antivirus software on a PC system.
“Special occasions such as Christmas and New Year have always been the periods when hackers distribute viruses via fake e-card with malicious code,” said Nguyen. “Therefore, users should be careful on receiving greeting e-mail from unknown sources for safety’s sake.”