Spain is different. We even have April Fool's day on December, 28! But nonetheless, today's post is gonna be serious. Really.
Christmas are here to stay, at least for a few more days. Santa Claus gives way to New Year's Eve and the Three Wise Men, and crimeware won't lose the opportunity of tampering with computers worlwide in order to steal as much money as possible.
Social engineering is usually a weapon of opportunity. Be it Valentine's Day, Christmas or the FIFA World Cup, there will always be cybercrooks who will take advantage of the season and use that theme in their messages. Here are a few examples:
- Zafi.D raised an Orange Alert status on December 2004. The email messages it sent were on fifteen different languages, greeting Christmas to unsuspecting users... But the gift it came with was nefarious.
- The worm Atak (variants H, I and J) also was cheerful: "Mery Chrismas & Happy New Year! 2005 will be the beginning!". In fact, it was the beginning, but for crimeware and the like of it.
- Mimail.N and Downloader.AC spoke of a great New Year offer from Paypal in order to entice users into running their malicious files.
- Nabload.U and Banker.BSX. These Trojans teamed up during last year's Christmas season. How could their authors have found a better season to release a banking Trojan and its downloader?
So, with so many examples of Christmas related malware, how is it that we people still fall for such an easy trick? It would seem that we don't really learn from our own mistakes. As soon as we recover from the latest "outbreak", we are willing to open other PowerPoint presentations (you know, Christmas+Blessing-4.ppt) or executable files (namely, Christmas_Puzzle.exe).***
Let's be careful out there... And let’s not fall for so-easy-to-spot tricks.
***Of course, the Three Wise Men know who you are... And you will receive coal in instead of gifts. Really.