More Holiday-themed Spammed Emails Seen

 Analysis by: Fjordan Allego

XmasSpam_1

Just days before Christmas we observed a surge in spammed emails that take take advantage of the widely celebrated event.

One of the recent spam attacks we saw contained a malicious document entitled “Christmas Offers”. The email has the same title listed as its email subject but doesn't contain any text in the body. Opening the attached document leads to a Microsoft Word file with macros enabled. Once the user enables the macros, a malicious file is downloaded into the system. We detect this malicious document as TROJ_MDLOAD.WPV.

Another spammed message we found attempts to pass itself off as a newsletter from 'Santa's Mailroom'. The email's structure contains salad words inserted into the HTML code in order to avoid being detected by traditional spam filters.

XmasSpam_2

The links used in this attack varies from one sample to another. They use newly-registered domains and are able to bypass web filters. These hoax Santa newsletters will redirect users to more advertising or phishing websites.

 SPAM BLOCKING DATE / TIME: December 24, 2014 GMT-8
 TMASE INFO
  • ENGINE:7.5
  • PATTERN:1200