"Since there are no patches currently available for these vulnerabilities, they represent an easy channel to carry out computer attacks. It is therefore necessary to combine traditional security solutions with proactive technologies capable of detecting unknown threats," said Luis Corrons, director of PandaLabs.
As Christmas is closely approaching and last minute shopping is at its peak, the amount of spam in circulation doubles. Much of this junk mail includes links to fake online shopping or banking web pages, asking users for confidential data, a practice known as phishing. Another malicious practice widely used during the holiday season involves offering users free Christmas cards that they can download from a certain link. If the user clicks on the link, they will actually be downloading malicious code to their computers.
Malware creators are now primarily motivated by the lure of financial gain. By using vulnerabilities like those already mentioned to install Trojans on users' computers, or launching phishing e-mails to trick unwitting online shoppers, attackers can compromise the confidentiality of online transactions, Internet purchases, or visits to banking sites.
The Christmas season has always witnessed an increase in attacks. The MerryX.A Trojan, which hit the Internet in December 2005, arrived in a message with the subject "Merry Christmas!", and hid behind a Santa Claus animation with Christmas music. A year before, the Zafi.D worm caused an Orange Alert as it tried to pass itself off as a Christmas card in several languages.
