The successful infection of thousands of systems last year through the Storm Worm's Christmas-themed social engineering has prompted another cyber crime group to launch a new email worm that spreads when users are persuaded to visit a website claiming to contain a Christmas card, the SANS Internet Storm Center reports. The scheme lures users into clicking a link that turns out to be a malware executable.
This week the SANS Internet Storm Center posted a blog entry warning about the new Waledac worm, which infects a user's PC when they click the link on a website that claims to offer them a Christmas card. There is no card; instead, malware is installed on the user's computer. According to Pierre-Marc Bureau, a researcher at anti-virus vendor ESET, the new worm replicates some features of the Storm Worm (which was known to spread via fake greeting cards during popular holidays), including the use of a redirection site and fast-flux capabilities to hide its IP addresses.
Yet Waledac has its own peculiar means of hiding its tracks, such as an open-source executable packer and cryptography, Bureau reports. As soon as the worm is installed on a PC, it searches for email addresses and then spams copies of itself to those addresses. It also steals online banking passwords, with a number of banks worldwide already targeted. However, SANS incident handler Maarten Van Horenbeeck says that the number of infections should remain low because the attack requires human interaction and arrived on the scene "fairly late in the holiday cycle." Internet subscribers should nevertheless stay cautious and block the download of "ecard.exe," as well as the domains being used in the attack. His blog post listed a number of affiliated domains.