Hackers fail to take a holiday break as 2008 malware attacks gather steam

January 02, 2008 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned workers returning from the New Year holidays to be wary of internet attacks taking advantage of the celebrations.

New versions of the Dorf worm (also known as Storm) have stopped using the lure of Santa Claus's wife doing a striptease and in recent days posed as Happy New Year ecards.

The latest malicious email campaigns contain links to websites containing malware, and have used a wide variety of subject lines including:

A brand New Year 2008
Blasting New Year 2008
Dance to the New 2008 Year tune
Happy New Year 2008 to the one I love
New Year 2008 Wishes
The New Year has arrived

"Many people will be returning to their desks this morning after a lengthy break for Christmas and New Year to a brimming bundle of unread emails. The danger is that the holiday hangover will make them less careful about which messages they click on," said Graham Cluley, senior technology consultant at Sophos. "Anyone clicking on a mystery weblink or an unsolicited email attachment is putting their computer at risk of being taken over by hackers for the purposes for illegal ends. Everyone needs to make their New Year's resolution to take computer security more seriously in 2008."

Sophos experts note that this is not the first occasion on which hackers have exploited new year festivities to try and spread their malware. For instance, three years ago another worm, Wumark-D, distributed itself in an unusual Happy New Year message in the form of a photograph of naked bodies.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.