– A new Trojan, MerryX.A, reaches victims in an email with the subject “MERRY CHRISTMAS!”, and hides behind an animation with Santa Claus and Christmas music
– This Trojan joins the list of malware species that take advantage of the massive sending of Christmas cards via email to enter users’ computers
PandaLabs reports the appearance of a new Trojan, MerryX.A, which uses the theme of Christmas to distract users’ attention while infecting their computers. This Trojan, distributed in email messages, aims mainly at gathering information from the affected system.
Infection starts with arrival of an email with the subject “MERRY CHRISTMAS!”, and the text line: “Merry Christmas and a Happy New Year!”. This email includes two attached files: an animated GIF image called A_LIGHTSMC10.GIF, which shows the phrase “Merry Christmas” among bright lights, and a self-extracting RAR file which contains two files: a copy of the Trojan (called SQLServer.exe), and a Flash animation.
Whereas the GIF image does not infect the user’s computer, the self-extracting RAR file does trigger the infection process. As soon as the file is run, it opens the Flash file, which displays an animation accompanied by music, showing Santa Claus leaving presents in a Christmas tree against a red background, and runs the Trojan invisibly to users so that the computer becomes infected without the user realizing.
Once run, MerryX.A records information about the computer that -IP address, hardware data, etc- and sends it to a remote server. It also tries to download files from several web pages, which indicates that the Trojan could serve as an entry point for other malware specimens.
As result, i can tell you, don`t open attached files!