H-Desk.com - PC Security matters - Protect your PC privacy
Dec 09, 2008
Malware as a Christmas Gift
by GlueTooth / General
As holidays approach, various Christmas orientated malware attacks are likely to hit your inbox. For that reason, be very cautious of any e-card notification emails that you receive during the Holidays.
Hackers, as many years before, use bogus Christmas e-card notification emails to distribute malware. Emails usually claim that the recipient has been sent an eCard from a "dear friend" or sometimes address of your real friend can be exploited for this purpose. User receiving the card is usually instructed to click a link to view e-card content. This usually leads to infection, compromising the confident info by the third parties as primary goal that hackers have set up for Holidays.
Hackers and criminals use the vulnerability and popularity of certain products, names or events to install spyware and rootkits on PCs in order to harm users all over the world. Do you remember hoaxes and malware that had name of President-Elect Barack Obama during the campaign and shortly after elections? People seem to feel more compelled to open files with familiar and well known names, without regard for safety, resulting in a greater number of attacks: if it bears Obama's name, it's got to be safe.
Same goes for Christmas.
People expect greetings for Christmas and if they receive a card, the same logic is implemented – it must be safe. How wrong is that?
Opening acard or clicking through through link executes the file (.exe, .bat or any other executable) that displays a Christmas greeting card image on the user's computer. However, it also installs malware that can give the attacker access to the compromised computer. Card can also install other malware that can then turn the computer into a zombie used to distribute spam without the knowledge of the user.
Installed malware also helps hackers to gain control over your PC or to steal your personal and private info, including identity.
E-cards usually work in several ways: as animation, video or link inside the card.
Most common form of greeting cards is animation. But, once activated, animation installs malware in background.
Video in card usually asks you to download a Flash Player in order to see it. Clicking on video window or link provided will install malware on your computer.
E-cards often provide link to a certain location where the suspicious file will be executed and malware will be installed. Christmas screensavers that execute malware are often promoted this way.
Christmas greeting cards can be sent from the unknown address (usually generated in Christmas Spirit as well: X-Mas Card from friend, Santa sent you a gift, etc.) or from familiar address (your family or friends) if it has been compromised and gathered by spybots before.
Latter is much more dangerous for users, because when users see familiar name, there are higher chances that they will open a card and install malware.
Here is a list of suggestions to guide you in case encounter a malware e-card.
- If you don't know the sender, do not open any attachments regardless of what they are
- If you do know the sender, but were not expecting an email with attachments, verify if they have actually sent it
- Never, under any circumstances, open or download an executable file. These include .exe, .bat, and a host of other extensions.
- Always use anti-virus. There are 100% free ones like Avast or AVG that do a great job in malware detection.
- Scan every email and file attached
- Block pictures in email, because malware and worms are often embedded in them. Every email client should have an option to disable pictures.
- As an addition, use antispyware and antirootkit software and perform scans as often as possible
- Do not download programs from Internet sites that are not reliable
- Reject any unsolicited files in chats or newsgroups
Same instructions go for Instant Messengers. Malware can be spread through IM chat, in much bigger and faster rate, because users are often more careless and prone to infections due to the nature of instant communication.
Although Christmas is time of joy, some people obviously do not think that way. For that reason be prepared, stay safe and have a Merry Christmas!
Readers posted 0 comments for this article