Thursday, December 28, 2006

Virtual postcards are dangerous!

As we see every year, the Christmas season is a great opportunity for a new virus to spread by email, using “Christmas” as a reason to read the email. We just had a post here on the Avert Labs blog about one a few days ago.

Several days ago I got an email from my bank, stating that I could start to send Christmas and New Year's virtual cards through their website! I immediately thought that it was a phishing scam, so I decided to check the link. It was indeed a new URL created by the bank, something like www.christmascards[insert Bank Name here].com, where you could select up to 4 different Christmas / New Year's cards and send them to your friends…

Like every year, I got several malware virtual postcards. I really don't like virtual postcards, but here, this strange marketing campaign will make things real easy for the bad guys, since the real bank sent a mass mail to all customers telling them that they can send those cards from their website. Now, what do you think will happen when the bank customers start to receive fake virtual postcards on behalf of the bank, with attached malware?

Unfortunately there seems to be more Christmas-related malware floating around. Now there's a backdoor named Christmas_Puzzle.exe. This one uses a rootkit to hide its presence on a system. And then there's a PowerPoint file named Christmas+Blessing-4.ppt (see picture). This one uses MS06-012 or a related vulnerability to drop and execute two embedded programs. As a decoy, the exploit has been embedded in an innocent Christmas-themed PPT slideshow that has previously made the rounds.

So take my advice: just send out 'plain-text Seasonal Greetings'. Merry Christmas!