Destructive Holiday Worm Circulating

A destructive worm that began circulating in Europe and the United States early Wednesday hides behind a holiday cheer message, then distributes itself to an Outlook contacts list and delivers a destructive payload.

The worm could be a social-engineering nightmare because many users drop their guard for holiday messages from friends and co-workers, a virus expert warned.

According to Computer Associates, the worm has the subject "Happy New Year" and the message body reads:
I can't describe my feelings
But all i can say is
Happy New Year :)

A 37 KB attachment called "Christmas.exe" carries a Flash Animation icon.

Once the attachment is activated, the message sends itself to all entries in an Outlook contacts list, disables several keys on the keyboard, modifies the registry and deletes files in the Windows System directory.

CA rates the worm a medium to high risk. That threat assessment is much higher than that of some competitors, including Trend Micro, which rates it as low risk.

Ian Hameroff, the director for antivirus solutions at CA, explains that his company gave a higher threat rating for the worm because of its social engineering component.

"It's themed around the holidays. It looks like it's bearing New Year's tidings. Someone may let their guard down, thinking it's a card, even though they've been told numerous times not to touch the hot stove, the hot stove being suspicious executables," Hameroff says.

Hameroff also notes that although the technique is not new, the wide spread of several similar worms in the second half of this year shows that users are far from immune to such worms. He estimates that the worm has the potential to infect thousands of computers.

CA calls the worm W32/Reeezak.worm. Trend Micro calls it Worm_Maldal.C with aliases of Kerzac.A or Kerzac.

A user can interrupt the memory-resident program by pressing CTRL-ALT-DEL, selecting "sm56hlpr" and clicking "End Task," according to Trend Micro.

But due to the destructive nature of the worm, infected systems can be damaged so severely that they require restoration from backup or reinstallation.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

