Destructive Holiday Worm Circulating

A destructive worm that began circulating in Europe and the United States early Wednesday hides behind a holiday cheer message, then distributes itself to an Outlook contacts list and delivers a destructive payload.

The worm could be a social-engineering nightmare because many users drop their guard for holiday messages from friends and co-workers, a virus expert warned.

According to Computer Associates, the worm has the subject "Happy New Year" and the message body reads:
I can't describe my feelings
But all i can say is
Happy New Year :)

A 37 KB attachment called "Christmas.exe" carries a Flash Animation icon.

Once the attachment is activated, the message sends itself to all entries in an Outlook contacts list, disables several keys on the keyboard, modifies the registry and deletes files in the Windows System directory.

CA rates the worm a medium to high risk. That threat assessment is much higher than that of some competitors, including Trend Micro, which rates it as low risk.

Ian Hameroff, the director for antivirus solutions at CA, explains that his company gave a higher threat rating for the worm because of its social engineering component.

"It's themed around the holidays. It looks like it's bearing New Year's tidings. Someone may let their guard down, thinking it's a card, even though they've been told numerous times not to touch the hot stove, the hot stove being suspicious executables," Hameroff says.

Hameroff also notes that although the technique is not new, the wide spread of several similar worms in the second half of this year shows that users are far from immune to such worms. He estimates that the worm has the potential to infect thousands of computers.

CA calls the worm W32/Reeezak.worm. Trend Micro calls it Worm_Maldal.C with aliases of Kerzac.A or Kerzac.

A user can interrupt the memory resident program by pressing CTRL-ALT-DEL keys, selecting "sm56hlpr" and clicking "End Task," according to Trend Micro.

But due to the destructive nature of the worm, infected systems can be damaged so severely that they require restoration from backup or reinstallation.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Salesforce Buying Slack for $27 Billion To Bolster CRM Solution

    Salesforce on Tuesday announced the purchase of collaboration software-maker Slack for an estimated $27.7 billion.

  • Dark City Illustration

    The Night the Lights Went Out in the Cloud: Lessons from the AWS Outage

    Last week's AWS outage that broke the Internet showed how critical it is to build applications that can withstand transient failure. Here's what you need to know to design a resilient cloud app (and it doesn't involve multicloud).

  • 5 Steps To Fix Windows Indexing Problems

    The Windows indexing feature doesn't always deliver the correct results of a file search. Here are five troubleshooting steps you can take whenever Windows indexing acts up.

  • Microsoft Adding Simpler Microsoft 365 Admin Center Option for Small Businesses

    The Microsoft 365 Admin Center, used for setting up and managing various Microsoft services, is getting a more lightweight interface designed for "very small businesses," according to a Tuesday Microsoft announcement.

comments powered by Disqus