Email the Editor    Email a Friend    Print this Page 

New malware is spreading via Christmas and holiday greetings, security researchers said today, a tactic reminiscent of those used last season by the notorious Storm Trojan horse.

Researchers at the Bach Khoa Internetwork Security Center in Hanoi, Vietnam, reported that a new piece of malware, dubbed "XmasStorm" by the centre is spreading through holiday-themed spam.

Touting subject lines such as "Merry Xmas!" and "Merry Christmas card for you!" the spam includes links to sites that purportedly host electronic greeting cards waiting for the recipients.

In fact, the sites are serving up malware that hijacks the visiting PC, then installs a bot that waits for commands from the hacker controllers.

Nguyen Minh Duc, manager of Bach Khoa's application security group, said that XmasStorm originated in China.

Hackers have registered at least 75 domain names relating to the malware campaign's holiday theme in the last month, including "superchristmasday.com" and "funnychristmasguide.com."

According to WHOIS searches, those domains were registered to a Chinese address on Dec. 1 and Dec. 19, respectively.

"Special occasions such as Christmas and New Year have always been the periods when hackers distribute viruses via fake e-card with malicious code," said Nguyen in an e-mail Wednesday. "Therefore, users should be careful on receiving greeting e-mail from unknown sources for safety's sake."

Similar attacks have been monitored by other researchers, including those at ESET LLC, a Slovakian security company that has offices in San Diego.

share: