HO HO HO Santa has a virus for you


This morning, while triaging customer malware and spam samples, I saw a variation on the typical click-the-link-and-get-malware spam.

This one was Christmas themed; normally we would expect Thanksgiving-themed spam before the Christmas glut.

The spam has a subject of "HO HO HO Santa has the best offer of the year for you" and the following contents:

HO HO HO Santa has the best offer of the year for you
Hello, it's me Santa Clause, I suppose you already know me, I have for you the most wanted offer of the year.
If you make an account on:

http://xxxx.xxx

until the 5th December, you can choose one welcome gift from us for 50 Euros
from http://xxxx.xxx
and enter your validation code, which is: a91-valets-cloud-mad
(Only until the 5th December availible.)
This is our way to say Happy Holidays,

take your chance to feel the Christmas Anticipation
.
Regards,
Santa Clause

The link, if you were to follow it, would attempt to install an EXE called santaclause.exe that is infected with W32/Parite-B, an old Windows virus whose only claim to fame is that it infected all 32-bit PE files.

UPDATE: A colleague asked what malware was under the W32/Parite-B infection, so I had another look at the malware sample, and it is a variant of Mal/Zapchas-A.

This particular spammer hasn't been practicing Safe Hex and has gotten infected. Ha ha ha!
