With the holiday season upon us, spam campaigns of a malicious nature will start springing up bearing yuletide greetings.
Just Yesterday, Websense sent out an alert that malicious software authors already are using social engineering techniques with a Christmas theme to compromise your home machine. The instance they are reporting uses spam e-mails offering free animated postcards.
Those unfortunate enough to attempt to get free e-cards will download a Trojan. The spam e-mails are spoofed to appear as if they come from postcard.org. The fact that malware (postcard.exe) is being installed on a machine is covered up with a xmas.jpg image.
Websense was kind enough to provide a screen shot of this particular attack:
Quite simply, once installed it allows cyber-scrooges to control your machine and or steal all the personal and financial information off it. The information is then normally used to steal money.
This type of attack is nothing new and seems to surface every year at this time. The next step in these campaigns normally are more personalized spam e-mails designed to do the same thing (download malware). Please note these e-mails are normally spoofed to appear as if they come from a legitimate e-card retailer.
Last year, American Greetings put up a page on their site to educate people how to spot and avoid falling victim to this type of attack. First and foremost, they recommend that if you are suspicious at all to go to the company site and try to pick up the greeting from there. Most (if not all) of the legitimate sites offer this service. The page on their site contains additional ways to identify "e-card garbage" and is well worth a look if you are unfamiliar with how to spot malware attacks using spam e-mails.
.jpg?t=20120527181101)
Article comments