Daily cyber threats and internet security news: network security, online safety and latest security alerts
November 27th, 2008

Infecting Christmas E-greetings Are Distributed Via Spam

Websense Security Labs has discovered that malware authors are already using Christmas themes this year as a social engineering tactic, in an effort to gain control over compromised machines. This campaign uses email messages in the form of e-greetings, leading to supposed animated postcards. These actually lead to a Trojan backdoor that has been distributed in previous malicious spam campaigns.

The email messages, spoofed to appear as though they have been sent from, display an animated Christmas scene. A URL link within the email leads to a malicious file called postcard.exe hosted on various servers, including those in the .com domain space.

Once executed, the file creates a backdoor that gives the malware author access to and control over the resources of the compromised machine. Control is conducted over IRC, communicating with ircserver.*snip*.la. During the install process, an image called xmas.jpg is displayed to the user as a distraction technique.
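A mail-filter style check for the lure described above, as an added example that is not part of the original article: it parses a message and flags links whose URL path ends in an executable extension, as the postcard.exe link does. The extension list, the function and class names, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse, unquote

# Extensions that run code when opened on Windows (assumed list, not from the article).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".bat", ".cmd")


class LinkCollector(HTMLParser):
    """Collect every href from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)


def executable_links(raw_message: str) -> list:
    """Return links in the message whose URL path ends in an executable extension."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    flagged = []
    for href in collector.links:
        # Check the decoded path only, so a query string or fragment cannot hide the extension.
        path = unquote(urlparse(href).path).lower()
        if path.endswith(EXECUTABLE_EXTS):
            flagged.append(href)
    return flagged


# Constructed sample message; hosts and addresses are placeholders.
SAMPLE = """\
From: greetings@cards.example
Subject: You have received a Christmas e-greeting
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Click to view your animated postcard:</p>
<a href="http://host.example/cards/postcard.exe?id=42">View postcard</a>
<a href="http://host.example/help.html">Help</a></body></html>
"""
```

Calling `executable_links(SAMPLE)` returns only the postcard.exe link; the help page link is not flagged.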


    One Response to “Infecting Christmas E-greetings Are Distributed Via Spam”

    1. Redirecting technique is too familiar for spam, I don't like it, cheating!! Simple without tech knowledge!
