I saw something quite funny when checking out the spam feeds the other day. An attachment kept appearing, once in a while, with a name of Christmas Card.zip. It was making sporadic appearances in the feeds (and the number of spam email messages was quite low), but there were a couple of these odd messages at equally odd hours of the day:
The email message itself was a run-of-the-mill electronic greeting card with an HTML body containing a nice Flash animation—the Flash animation actually comes from a legitimate source (123greetings.com). The email body contains a message asking the user to open the attachment to see who sent the email. Of course, opening the attachment yields a malicious file. The name of the file inside is _**Christmas Card.htm[MANY SPACES].exe **_and it is already detected by Symantec as W32.Ackantta.G@mm.
The question I leave you with is this: are the people behind the Ackannta worm living in some kind of a parallel universe or time warp where every day is Christmas? Or perhaps it is some worm gone out of control? I’ll leave you to ponder that one. Bearing in mind that it is now mid-February, you can either consider them late to the Christmas party or way too early.