Original post on Sophos. Author – Graham Cluley
We’re having an uncharacteristically sunny June day here in Britain, making it feel all the more incongruous to see Christmas cards are being sent out via email.
But you should be careful, because these aren’t just badly timed emails wishing you season’s greetings – these emails have a malicious payload designed to infect your Windows computers.
Here’s a typical example of the type of message that has been intercepted by SophosLabs:
Subject: You have received a Christmas Greeting Card!
You have just received a Christmas greeting card!
To see your custom card and who sent it, please click the attachment
Attached file: Christmas Card.zip
Although the email claims to come from 123greetings, a legitimate and well-known ecard website, the reality is that the bad guys have forged the headers in this email in an attempt to trick you into clicking on the attachment.
The danger is, of course, that you may be bemused by the notion of receiving a Christmas card in June and click on the attachment out of curiousity. That would be a big mistake, however, as it contains the Mal/CryptBox-A Trojan horse.
So you should have trusted your instincts. There’s always going to be something odd about a Christmas card arriving in June – and like any other unsolicited attachment it should be approached with caution.
Make sure that your anti-virus software and email protection is in place, and make sure you’ve had a good healthy helping of common sense next time you receive an out-of-season greeting.
- I’ve just received a malicious Christmas card – in June! (nakedsecurity.sophos.com)
- Fantastic Ideas for Homemade Christmas Cards (kleenexmums.com.au)
- Christmas Card Garland (casasugar.com)
- Make the most of Christmas in Australia (kleenexmums.com.au)
- My Somewhat Childish Christmas Décor (casasugar.com)
- A Christmas control beater (nickcouldry.com)