With visions of sugarplums dancing through my head constantly from around September onwards, I eagerly (and somewhat obsessively) await the festive season every year. As heralded by my son opening the first box on his advent calendar this morning to liberate the toy hidden within, as far as I am concerned, Christmas is (finally!) upon us. It feels like it gets earlier every year, and this year is no exception – especially as far as the malware authors are concerned. There are several reports that the inevitable holiday-themed lures for distributing malware have already started making the rounds.
Every year the ne’er-do-wells trundle out the same set of tricks to distribute their malware and take advantage of people’s better nature, and the additional opportunities for sensitive data theft as shoppers flock to the Internet to purchase gifts and other festive treats. Regardless of the simplicity of this basest style of social engineering attack, it must be successful or I guess we wouldn’t see so much of it every year.
The basic holiday-themed attack has varied little, if at all, through the years and across various holidays. Generally, the attacker sends a malicious e-mail that appears to notify the target that they have received an e-card that says “Happy <insert holiday here>”. The e-mail also contains a link that the target can use in order to ‘see’ their card. Clicking on the link downloads a malicious executable that compromises the user’s machine, often opening a backdoor that places the machine under the attacker’s control. Colourful animations and music tend to feature in these lures (and who doesn’t like dancing snowmen/candycanes/santas/Christmas trees/champagne bottles, etc?) Of course, Christmas isn’t the only popular theme for bait, the New Year also finds its share of fans in the malware distributing underground.
So, while musing about the delights of the coming festive season, spare a thought for your safety online, and don’t be fooled by the dancing Santas.
Oh, and maybe consider sending your cards via snail mail this year.
MMPC - Melbourne
Figure 1 - Message displayed by W95.Music (circa 2000)