Holidays like Christmas and Valentine’s Day inevitably come with threats related to the holidays themselves. These attacks have become more persistent throughout the years, perfectly timed to dupe the greatest number of users with the most appropriate social engineering techniques for their holiday of choice.
Just today, we saw a certain spam run that seems a little bit too late or, seen in another way, a little too early for the season it’s supposed to ride on.
Christmas greeting cards are being spammed out with messages similarly fashioned to those from popular websites known for free e-card sending services.
The messages arrive with a file attachment in .ZIP format, which the recipients must open to view the e-card. Of course, the file in the .ZIP file being an e-card is just as accurate as it is being the Christmas season in February. The .ZIP file contains malicious files that Trend Micro now detects as WORM_PROLAC.SME, WORM_PROLAC.AB, and WORM_PROLAC.AA. When executed, WORM_PROLAC.SME drops a file detected as TROJ_CUTWAIL.IZ. It also has rootkit capabilities that allow it to hide its processes and files from users. Similar to WORM_PROLAC.SME, WORM_PROLAC.AB has rootkit capabilities and drops several files detected by Trend Micro as TROJ_HILOTI.SMAE, TROJ_FAKEAV.SM3, and TROJ_HILOTI.SME1.
Such threats, it seems, will be seen as long as holidays are observed, as these events, in one way or another, affect users’ computing behaviors. Whether they’re deployed at the right time or not, users should remain vigilant and keep themselves protected.