It is more than a month until Christmas, but spammers are all set to spam the vacation season. We have observed Christmas related spam messages flowing into the Symantec Probe Network.
For greeting card spam, spammers used a legitimate look and feel in the email with headers (Subject & From) and flash animations that included a message to open the "Christmas Card.zip" attachment. After opening the attachment, the malicious code is downloaded on to the user's system. Symantec detects the attachment as W32/AutoRun.BBC!worm.
Figure 1. Christmas card example
As expected, spammers are promoting fake offers by targeting specific categories, including:
Most of these spam messages encourage users to buy the products early to take advantage of the bogus offers. Clicking the URL directs the user to a fake product offer site, for example, a Web page selling replica watches, fake pharmaceuticals, or other products.
Figure 2. Fake product offer Web page
Christmas related spam can easily be recognized by observing the From line:
- From: "Christmas Letters from Santa" <return@removed>
- From: "Christmas Tree Plant" <magic@removed>
- From: "Christmas Tree Plant" <christmas@removed>
- From: The National Christmas Lottery <xxlotto@removed>
- From: "Christmas Tree Plant" <fun4kids@removed>
The Subject line can also be used to recognize Christmas related spam:
- Subject: Christmas Woodworking Gifts
- Subject: $1,500 cash for Christmas!
- Subject: Ideal kids project for Christmas
- Subject: You have received a Christmas Greeting Card!
- Subject: Combat your waist line in time for Christmas
- Subject: RE: Christmas sale of medicine production watches has started!
- Subject: Come Here to Get Christmas Gift for Everybody!
- Subject: Share A Little Magic This Christmas
- Subject: Christmas boost [it's only 7 weeks away!]
- Subject: RE: Wanna make Christmas shopping easy?
Below are several examples of Christmas related spam emails:
We expect to see a sharp spike in the volume of Christmas related spam messages over the next few days. Symantec Security Response continues to closely monitor this spam trend and we will keep our readers updated. We advise our readers to be cautious when handling unsolicited or unexpected emails related to Christmas. Updating antispam signatures regularly can help to prevent personal information from being compromised.