Tis the season to be scammed….

Tis the season to be scammed …. yep it’s starting already!

Cybercriminals start spamvertising Xmas themed scams and malware campaigns – ZDNet – Zero Day

Dancho Danchev for Zero Day writes;

Security researchers from Symantec are warning about a recently intercepted flood of Xmas themed malicious and fraudulent campaigns. Isn’t it too early for such type of campaigns to be launched, or are the spammers behind these campaigns relying on a different set of marketing tactics? The campaign is a great example of a flawed event-based social engineering attempt. Not only are the senders completely unknown by the recipients, but also, users are exposed to fraudulent E-shops for counterfreit shops, something that weren’t looking for to begin with.


Just what people needed, right? More Spam and Malware!

Be wary of your inbox – don’t be duped! – and realize it will only get worse as time gets ever closer to the Holidays.

More from Symantec’s website article: You Have Received a Christmas Card

It is more than a month until Christmas, but spammers are all set to spam the vacation season. We have observed Christmas related spam messages flowing into the Symantec Probe Network.

For greeting card spam, spammers used a legitimate look and feel in the email with headers (Subject & From) and flash animations that included a message to open the “Christmas Card.zip” attachment. After opening the attachment, the malicious code is downloaded on to the user’s system. Symantec detects the attachment as W32/AutoRun.BBC!worm.

Fake product offer Web page (Symantec article on Christmas card scam and malware)  - Click image to view the article at Symantec

Fake product offer Web page (Symantec article on Christmas card scam and malware) – Click image to view the article at Symantec

This is just one of likely a huge number of scams to get malware on your computer. Beware your email bearing cards and unwanted embedded malware (malicious software)!

I am also pretty sure they will not keep it to just email either. We should also be wary of ads on webpages with this type of scam too. So be very careful when surfing around the Internet as well!

New Flash Player Zero Day

[tweetmeme source=”franscomputerservices” only_single=false]ZDNet reports, Adobe warns of new Flash Player zero-day attack:

Hackers are embedding malicious Flash Player files in Microsoft Word documents to launch targeted attacks against select businesses, according to a warning from Adobe.

These are being used to steal secrets from corporations, likely through downloaded and emailed MS Word documents such as Excel.

Adobe is working on patches for Flash 10.2.x and for earlier versions as well, for just about every OS out there.

Adobe Reader X protected mode will “prevent an exploit of this kind from executing.” The actual fix won’t come till their normal patch cycle in June for Adobe Reader. So be sure to get the latest version (Adobe Reader X)!

Much more in the article including information and links to Adobe’s security release.