Santa Claus Leaves You a Trojan for Christmas

PandaLabs reports the appearance of a new Trojan, MerryX.A, which uses the theme of Christmas to distract users' attention while infecting their computers. This Trojan, distributed in email messages, aims mainly at gathering information from the affected system.

Infection starts with the arrival of an email with the subject "MERRY CHRISTMAS!" and the text line "Merry Christmas and a Happy New Year!". This email includes two attached files: an animated GIF image called A_LIGHTSMC10.GIF, which shows the phrase "Merry Christmas" among bright lights, and a self-extracting RAR file which contains two files - a copy of the Trojan (called SQLServer.exe) and a Flash animation.

While the GIF image does not infect the user's computer, the self-extracting RAR file does trigger the infection process. As soon as the file is run, it opens the Flash file, which displays an animation accompanied by music, showing Santa Claus leaving presents in a Christmas tree against a red background, and runs the Trojan invisibly to users so that the computer becomes infected without the user realizing.
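A mail-gateway style check for the message described above, as an added example that is not part of the original report. It matches the subject and GIF name quoted in the article and structurally detects a self-extracting RAR attachment (a Windows executable with a RAR archive appended). The attachment name `card.exe` and the sample bytes are constructed placeholders, since the article does not name the RAR file.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Indicators quoted in the article.
SUBJECT = "MERRY CHRISTMAS!"
GIF_NAME = "A_LIGHTSMC10.GIF"
RAR_MAGIC = b"Rar!\x1a\x07"  # marker prefix shared by RAR 4.x and 5.x archives

def is_sfx_rar(data: bytes) -> bool:
    """Self-extracting RAR heuristic: MZ executable header with a RAR marker after it."""
    return data[:2] == b"MZ" and RAR_MAGIC in data[2:]

def score_message(msg) -> list:
    """Return which of the article's indicators a parsed message matches."""
    hits = []
    if (msg.get("Subject") or "").strip().upper() == SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").upper()
        payload = part.get_payload(decode=True) or b""
        if name == GIF_NAME:
            hits.append("gif-name")
        if is_sfx_rar(payload):
            hits.append("sfx-rar")
    return hits

def score_raw(raw: bytes) -> list:
    """Parse raw RFC 5322 bytes (as a gateway would receive them) and score them."""
    return score_message(message_from_bytes(raw))

def build_sample(with_sfx: bool) -> EmailMessage:
    """Constructed sample message; attachment bytes are inert placeholders."""
    m = EmailMessage()
    m["Subject"] = "MERRY CHRISTMAS!"
    m.set_content("Merry Christmas and a Happy New Year!")
    m.add_attachment(b"GIF89a" + b"\x00" * 16, maintype="image",
                     subtype="gif", filename="A_LIGHTSMC10.GIF")
    if with_sfx:
        fake = b"MZ" + b"\x00" * 64 + RAR_MAGIC + b"\x00" * 9
        m.add_attachment(fake, maintype="application",
                         subtype="octet-stream", filename="card.exe")  # hypothetical name
    return m
```

The subject and file name are trivial for a sender to change, so the `sfx-rar` hit is the more durable signal; the other two mainly help correlate messages from the same campaign.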

Once run, MerryX.A records information about the computer (IP address, hardware data, etc.) and sends it to a remote server. It also tries to download files from several web pages, which indicates that the Trojan could serve as an entry point for other malware specimens.

This is not the first time that malware creators have used Christmas to spread their creations. Zafi.D, a worm that caused an Amber Alert last Christmas, tried to pass itself off as a Christmas card in several languages, and Maldal.C, in the same fashion as MerryX.A, made use of a Santa Claus postcard in Christmas 2003.
