Today, December 24, 2008, Vietnamese timezone, Bkis’s virus supervisor system detected a new worm – XmasStorm, which originated from China and took advantage of Christmas time to deceive users. It is classified into Storm Worm category concerning it spreading speed and the amount of spam emails that it generates as impetuously as a storm.
With the subject: “Merry Xmas!” or “Merry Christmas card for you!”, XmasStorm tricks users into visiting websites containing malicious code prepared by hackers. According to our analysis, there have been at least 75 domain names relating to Christmas and New Year like SuperChristmasDay.co[removed],
FunnyChristmasGuide.co[removed], ItsFatherChristmas.co[removed]... These domain names were created in this month for this virus distributing plan.
Once users have loaded one of websites using these domain names, their computers are taken control by XmasStorm. The virus open a back door and wait for commands from hackers to continue to spread out all over the Internet.
Website with XmasStorm embedded
Bkis recommends that if receiving an email like the one above, users should not click on the link so as not to be infected by viruses. In order to check whether their computers have been infected, users can download the latest version of Bkav from http://www.bkav.com.vn/home/DownloadE.aspx.
Bkis also recommends that special occasions such as Christmas and New Year have always been the periods when hackers distribute viruses via fake e-card with malicious code. Malicious people usually send messages in the form of greeting cards or sales promoting advertising at the end of the year to trick user into opening an attachment or clicking on a link containing malicious code. Therefore, users should be careful on receiving greeting email from unknown sources for safety’s sake.