Malware authors don’t miss any event in their attempts to spread malware. Evidently, New Year is yet another opportunity to get their creations into unsuspecting users’ computers. Microsoft warns of early signs of malware in the form of spam emails misusing this happy event.
Here’s a recent example:
As you can see, the video is a fake version of Adobe’s Flash Player and is a variant of the well-known password stealer Win32/Zbot (SHA1: 6C5B80A73B4B728D7DF8BFBB142E10A6A29A0950). Once executed, it injects itself into the address space of explorer.exe in an attempt to bypass security. When it connects to the Internet, an alert similar to the one below may be triggered:
In another example of malware using New Year, one of the samples of Exploit:Win32/CVE-2010-3333 (00d9af54c5465c28b8c7a917c9a1b1c797b284ab) drops malware detected as TrojanDropper:Win32/Meciv.A and Backdoor:Win32/Meciv.A. To hide its malicious dropping activities, it also drops a clean DOC file with the following New Year’s message:
The message is in Russian and means: “Dear colleagues and friends! Happy New Year!”
As usual, it’s recommended that you stay alert and carefully check all links and e-mail messages containing greetings and holiday-themed e-cards, especially those from strangers or entities you haven’t been in contact with.