12.27.05

Unwanted Christmas Greeting Plagues Net Users

Posted in security, virus, worm at 12:07 pm by HowardG

During the holiday season, e-mails and electronic greetings fill every electronic mailbox, and recipients eagerly open them up in expectation of seeing friendly messages from friends, acquaintances, and relatives. But despite the temptation to let down one’s guard when presented with a festive “Merry Christmas” message, it’s still essential to take the standard precautions against malware. This year, PandaLabs discovered a new Trojan called MerryX.A, which delivers a payload much worse than coal in your Christmas stocking.

The Trojan arrives in an e-mail with the words “MERRY CHRISTMAS” in the subject line. The message reads, “Merry Christmas and a Happy New Year!” and includes an animated graphic that shows the words “Merry Christmas” surrounded by festive lights. The payload is delivered through a self-extracting RAR file, which contains a Flash animation, and a Trojan file named SQLServer.exe. The Flash animation shows Santa Claus leaving presents under a Christmas tree.

But that’s not all this electronic Santa leaves behind. The Trojan then begins recording data about the computer, including IP address and hardware data, and sends that data to a remote host. The Trojan also downloads files from other Web pages, opening the door to additional malware. It can also function as a keystroke logger, a type of spyware that can potentially steal passwords and other valuable information.

Seasonal holidays or current events often make a perfect cover for a Trojan, and this isn’t the first time senders of malware have taken advantage of the Christmas spirit. Earlier in the month, the Christmas-themed IM.GiftCom.All worm was spread through instant messaging programs, and last year, the Zafi.D worm spread throughout the Net disguised as a Christmas card. IM.GiftCom.All steals contact information from IM applications, and sends messages to all listed contacts to encourage people to visit an infected Web site.

In addition to deploying regularly updated anti-virus software, users are cautioned against opening e-mails and attachments unless they are from a known source.
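
As an added example (not from the original post or from PandaLabs), the Python code below shows one way a mail gateway could flag the delivery format described above: an attachment that is an executable carrying an embedded RAR archive. The file names, addresses and byte samples are constructed for illustration.

```python
import email
from email.message import EmailMessage

MZ_MAGIC = b"MZ"  # DOS/PE executable header
RAR_MARKERS = (b"Rar!\x1a\x07\x00",      # RAR 1.5 to 4.x archive marker
               b"Rar!\x1a\x07\x01\x00")  # RAR 5 archive marker

def is_sfx_rar(data):
    """Heuristic: an executable that also carries a RAR archive marker.
    A coarse check; a gateway would confirm by unpacking in a sandbox."""
    if not data.startswith(MZ_MAGIC):
        return False
    return any(data.find(marker, len(MZ_MAGIC)) != -1 for marker in RAR_MARKERS)

def flag_attachments(raw_message):
    """Return file names of message parts that look like self-extracting RARs."""
    msg = email.message_from_bytes(raw_message)
    flagged = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True)  # undoes base64/quoted-printable
        if payload and is_sfx_rar(payload):
            flagged.append(part.get_filename() or "<unnamed>")
    return flagged

def build_sample(filename, data):
    """Build a constructed test message; sender and file name are made up."""
    msg = EmailMessage()
    msg["Subject"] = "MERRY CHRISTMAS"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Merry Christmas and a Happy New Year!")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

# Constructed byte strings (not real malware): header stubs only.
SFX_SAMPLE = MZ_MAGIC + b"\x00" * 64 + RAR_MARKERS[0] + b"\x00" * 16
PLAIN_EXE = MZ_MAGIC + b"\x00" * 96
PLAIN_RAR = RAR_MARKERS[0] + b"\x00" * 32

if __name__ == "__main__":
    for name, data in [("card.exe", SFX_SAMPLE), ("tool.exe", PLAIN_EXE),
                       ("photos.rar", PLAIN_RAR)]:
        print(name, flag_attachments(build_sample(name, data)))
```

Only the first sample is flagged: the check keys on the executable header and the archive marker appearing together, not on the subject line or file name, which a sender can change freely.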
