Some malware authors have even gone so far as to include the phrases "no worm, no virus" in the e-card's text, as if such an assurance made the message safe.
'Tis the season to be wary. Sadly, malware authors are quick to seize on current events to cloak their social engineering attacks -- which typically involve tricking people into clicking on a malicious link or visiting a malicious Web page -- in an aura of legitimacy.
So it is that the holiday season brings a surge in holiday-oriented scams. As security company Cyveillance noted on Monday, phishing attacks jumped by 300% on Thanksgiving Day, compared with the number of attacks seen the previous week.
Another security company, Message Labs, said following Thanksgiving that it was seeing holiday-themed spam coming across its infrastructure at a rate of about 300,000 an hour.
Symantec security researcher Jitender Sarda documented one such attack on Tuesday that uses e-cards.
"These e-cards are purportedly sent from a legitimate source and try to lure the victim to click on the link to view the e-cards, which have underlying tricks to try and infect the computer," said Sarda in a blog post. "With the Xmas bells starting to ring, here is the first incidence where Xmas e-cards have started doing the rounds."
While these e-cards may appear to come from a familiar brand name, the "From:" field is forged. And the spammer responsible, perhaps aware that e-cards have acquired an air of disrepute, has even gone so far as to include the phrase "(no worm, no virus)" in the e-card's text, as if such an assurance made the message safe.
In fact, the link provided attempts to download a file named "sos385.tmp," which is itself a downloader that connects to the Internet and attempts to download other malicious files.
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.