Return Of The Dorfs: A Christmas Special

Filed Under: Malware, SophosLabs, Spam

Today, spamtraps monitored by SophosLabs received samples of a spammed-out malware campaign that combined the holiday season with the promise of a "Personal Holiday Strip Show" in an attempt to infect computers. The format of the messages was very similar to previous malware campaigns we've detected over the past 8-10 months:

Many varying subject lines, generic enough to entice recipients to view the message.

[Image: StripShow subject lines]

The message body came in thousands of variations, each with a greeting and a single paragraph, all attempting to direct the user to the same specific website.

[Images: Xmas strip show message samples 1 and 2]

The website itself contained images of scantily clad women under the title "Mrs. Claus Gone Wild". The images and the "Download for free now!" button both linked to an executable detected as W32/Dorf-AE.

[Image: Xmas strip show website]

This is yet another example of malware writers/spammers exploiting current world news or holidays in an attempt to grow their "botnets".

About the author

Brett is a Technical Lead in the AntiSpam Operations team within SophosLabs. He has been working for Sophos since their acquisition of ActiveState in 2003.