Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Do They Know it’s (not) Christmas Time at All?

Created: 19 Feb 2010 21:51:59 GMT • Updated: 23 Jan 2014 18:29:27 GMT
Hon Lau's picture
0 0 Votes
Login to vote

I saw something quite funny when checking out the spam feeds the other day. An attachment kept appearing, once in a while, with a name of Christmas Card.zip. It was making sporadic appearances in the feeds (and the number of spam email messages was quite low), but there were a couple of these odd messages at equally odd hours of the day:

xmas-candles_spam3.gif

The email message itself was a run-of-the-mill electronic greeting card with an HTML body containing a nice Flash animation—the Flash animation actually comes from a legitimate source (123greetings.com). The email body contains a message asking the user to open the attachment to see who sent the email. Of course, opening the attachment yields a malicious file. The name of the file inside is Christmas Card.htm[MANY SPACES].exe and it is already detected by Symantec as W32.Ackantta.G@mm.

The question I leave you with is this: are the people behind the Ackannta worm living in some kind of a parallel universe or time warp where every day is Christmas? Or perhaps it is some worm gone out of control? I'll leave you to ponder that one. Bearing in mind that it is now mid-February, you can either consider them late to the Christmas party or way too early.