Season greetings are all good and fine, but we must alert our respective user bases that those that don't go along with the seasonal spirit are out there to hurt us.

• Christmas.exe
• Christmas+Blessing-4.ppt
• Christmas_Puzzle.exe
  
• ...

Any of those can and will get you in trouble. And the reliance on anti-virus software should not be too high. The powerpoint file above was detected badly at the time we got our copy of it:

Vendor	Version	Result
AntiVir	7.3.0.21 12.23.2006	EXP/PPT.Dropper.Gen
Authentium	4.93.8 12.22.2006	no virus found
Avast	4.7.892.0 12.21.2006	no virus found
AVG 386	12.23.2006	no virus found
BitDefender	7.2 12.23.2006	no virus found
CAT-QuickHeal	8.00 12.23.2006	no virus found
ClamAV	devel-20060426 12.23.2006	no virus found
DrWeb	4.33 12.23.2006	no virus found
eSafe	7.0.14.0 12.23.2006	no virus found
eTrust-InoculateIT	23.73.97 12.23.2006	no virus found
eTrust-Vet	30.3.3271 12.23.2006	PP97M/MS06-012!exploit
Ewido	4.0 12.23.2006	no virus found
Fortinet	2.82.0.0 12.23.2006	no virus found
F-Prot	3.16f 12.22.2006	no virus found
F-Prot4	4.2.1.29 12.22.2006	no virus found
Ikarus	T3.1.0.27 12.23.2006	no virus found
Kaspersky	4.0.2.24 12.23.2006	no virus found
McAfee	4925 12.22.2006	no virus found
Microsoft	1.1904 12.23.2006	no virus found
NOD32v2	1936 12.23.2006	no virus found
Norman	5.80.02 12.22.2006	no virus found
Panda	9.0.0.4 12.23.2006	no virus found
Prevx1	V2 12.23.2006	no virus found
Sophos	4.12.0 12.22.2006	no virus found
Sunbelt	2.2.907.0 12.18.2006	no virus found
TheHacker	6.0.3.135 12.20.2006	no virus found
UNA	1.83 12.22.2006	no virus found
VBA32	3.11.1 12.23.2006	no virus found

With thanks to Michael for sending in the powerpoint sample.

The abuse of the season greeting habit by the bad guys isn't somthing new. We warned about it last year (Dec 2005) already. It's still just as a valid as it was then.

--
Swa Frantzen -- Section 66