Sunday, December 7, 2008

Get traditional -- send paper cards via snail mail for the holidays

. . . Or call your family/friends/loved ones. Better yet send them a nice gift.

Whatever you do - forget about eCards. I personally think eCards are tacky anyway, but the real problem is that too many email virus spammers use fake eCards during the holidays to propagate their infections. Lately it's become darn near impossible to tell the fakes from the "legit" eCards.

We see this every holiday season, so here's your paranoid reminder for 2008:

Every year the ne’er-do-wells trundle out the same set of tricks to distribute their malware and take advantage of people’s better nature, and the additional opportunities for sensitive data theft as shoppers flock to the Internet to purchase gifts and other festive treats. Regardless of the simplicity of this basest style of social engineering attack, it must be successful or I guess we wouldn’t see so much of it every year.

The basic holiday-themed attack has varied little, if at all, through the years and across various holidays. Generally, the attacker sends a malicious e-mail that appears to notify the target that they have received an e-card that says “Happy ”. The e-mail also contains a link that the target can use in order to ‘see’ their card. Clicking on the link downloads a malicious executable that compromises the user’s machine, often opening a backdoor that places the machine under the attacker’s control. Colourful animations and music tend to feature in these lures (and who doesn’t like dancing snowmen/candycanes/santas/Christmas trees/champagne bottles, etc?) Of course, Christmas isn’t the only popular theme for bait, the New Year also finds its share of fans in the malware distributing underground.

So, while musing about the delights of the coming festive season, spare a thought for your safety online, and don’t be fooled by the dancing Santas.