Security flaws threaten Christmas shoppers

December 21, 2006

Christmas shopping has recently driven a considerable increase in online transactions. The security of these transactions could be seriously compromised by multiple vulnerabilities affecting computer systems.

Several flaws have just been identified in some Microsoft applications: two of them affect Microsoft Word, and the other affects Windows Media Player. These vulnerabilities could allow malicious programs or attackers to obtain affected users' confidential information, bank details, account numbers, etc.

However, users should not only be concerned about software vulnerabilities this Christmas. At a time when Christmas shopping is at its peak, the amount of spam in circulation doubles. Much of this junk mail includes links to fake online shopping or banking web pages, asking users for confidential data, a practice known as phishing. Another malicious practice widely used during the holiday season involves offering users free Christmas cards that they can download from a certain link. If the user clicks on the link, they will actually be downloading malicious code to their computers.

Malware creators are now primarily motivated by the lure of financial gain. By using vulnerabilities like those already mentioned to install Trojans on users’ computers, or launching phishing emails to trick unwitting online shoppers, attackers can compromise the confidentiality of online transactions, Internet purchases or visits to banking sites.

The Christmas season has always witnessed an increase in attacks. The MerryX.A Trojan, which hit the Internet in December 2005, arrived in a message with the subject “Merry Christmas!” and hid behind a Santa Claus animation with Christmas music. A year before, the Zafi.D worm caused an Orange Alert as it tried to pass itself off as a Christmas card in several languages. Also in 2004, PandaLabs detected three variants of the Atak worm included in emails with Christmas greetings. Further back still, we had Maldal.C, which was launched in 2003 and, like MerryX.A, used a Santa Claus Christmas card to infiltrate systems.
