Analysis by: Merianne Polintan

It could be said that it's still too early to even think about Christmas, but it seems that cybercriminals have another idea entirely. Recently we received samples of a malicious spam campaign making the rounds. The spammed mail purports itself to be an early Christmas greeting from Hallmark, one of the biggest greeting card makers in the United States. The body of the mail asks the user to quickly open and execute the attached file, or else they will suffer a year of misfortune. The attached file, which is stored inside a zipped archive and is named 'snowfairy.exe' is of course malicious, and detected as MAL_PROLACO.

Users are advised to anticipate spammed mails that tailor themselves to upcoming occasions and events, and delete them if they find them in their inboxes.

The spammed mail, the attachment and the other elements involved in this spam campaign are blocked by the Trend Micro Smart Protection Network.
 SPAM BLOCKING DATE / TIME: 18 September 2013 GMT-8
 TMASE
  • TMASE Engine: 7.0
  • TMASE Pattern: 0158