With little more than three days before Christmas, criminals are boosting efforts to spread a different kind of holiday cheer. Picking up where the Storm botnet left off, the new wave of email-based social engineering uses the approaching holiday as its theme to trick users into reading “greeting cards” or other Christmas-themed material.
ESET spots a new wave of holiday-based malware. (IMG: J.Anderson)
However, the social engineering and the holiday theme are the only direct connections this new wave of email has to the now infamous Storm botnet.
“Yesterday, we started to receive reports of emails pretending to carry links to holiday cards. These emails contain a link that points to a file named ecard.exe. Of course, this executable is not a seasonal holiday card but Malware. The reason this wave of Malware has attracted our attention is that it is very similar to [Storm attacks] we were seeing last year,” said Pierre-Marc Bureau, ESET researcher.
Attaching an EXE to an email or linking to malicious files is nothing new. The problem is that people still fall for it despite the warnings in the media and elsewhere online.
“Although this attack uses fast-flux to make it harder to trace its web servers and a redirection page very similar to those used by Storm last year, this is not the resurrection of the Storm botnet,” added Bureau.
After examining the malicious links and the downloaded files, ESET has classified the new malware as a variant of the Win32/Waledac worm.
The inspection showed that the files are completely different from the Storm files used in attacks at this time last year. The new variant has no peer-to-peer capability and uses an open-source packer instead of the custom packer seen in Storm. In addition, the EXE files ESET inspected contained cryptographic capabilities that were not present in Storm.
“What we are observing today is proof that Malware authors are learning from each other’s errors and successes. After seeing that Storm was able to infect thousands of systems last year with Christmas-related social engineering, the criminals behind other Malware families are now trying to emulate that success.”
The best way to avoid infection is simply not to follow links or open attachments in email from unknown sources. The subject lines and From fields in these emails are a dead giveaway, as most of them fail to correctly mimic legitimate eCard services.
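A mail-filter check built on the two tells described above: a greeting-card lure whose link actually points at an executable such as ecard.exe, and a From field that does not belong to a legitimate eCard service. This is an added example, not code from ESET or The Tech Herald; the sample email, the trusted-sender allowlist and every domain and address in it are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the lure described in the article (not a real capture).
SAMPLE_EMAIL = """\
From: "Holiday Greeting Cards" <cards@greetingcards.example>
To: user@corp.example
Subject: You have received a Christmas card!

A friend has sent you a holiday greeting card.
View it here: http://203.0.113.10/ecard.exe
"""

# Assumed allowlist: sender domains the organisation treats as legitimate e-card services.
TRUSTED_ECARD_DOMAINS = {"ecards.example"}

# Lure vocabulary taken from the campaign theme the article describes.
LURE_WORDS = ("card", "christmas", "holiday", "greeting")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def plain_text(msg):
    """Concatenate the text/plain parts of a parsed message (single-part or multipart)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(
        p.get_payload(decode=True).decode("utf-8", "replace")
        for p in parts if p.get_content_type() == "text/plain"
    )


def executable_links(body):
    """Return every URL in the body whose path ends in a Windows executable extension."""
    return [u for u in URL_RE.findall(body)
            if urlparse(u).path.lower().endswith((".exe", ".scr", ".com", ".pif"))]


def flag_ecard_lure(raw_email):
    """Return the reasons an email looks like a fake e-card lure; an empty list means clean."""
    msg = message_from_string(raw_email)
    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    lure_text = (msg.get("Subject", "") + " " + display_name).lower()
    reasons = [f"link to executable: {u}" for u in executable_links(plain_text(msg))]
    # Card-themed subject or display name from a sender outside the trusted e-card services.
    if any(w in lure_text for w in LURE_WORDS) and sender_domain not in TRUSTED_ECARD_DOMAINS:
        reasons.append(f"e-card lure from untrusted sender domain: {sender_domain}")
    return reasons
```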