An interesting Christmas greeting conveying the warmth of the season and the jingles of Santa's reindeer could bring smile to your lips but could snip a lot from your pocket, warn cyber experts.
With many consumers using corporate networks to access intenet in the run up to Christmas and with many more hoping to complete their Christmas shopping online, cyber criminals were waiting to use these opportunities to attack, says Surendra Singh of Websense International Limited, leader in integrated web, data and email security.
Clicking on an e-greeting from an unknown source could actually be an invitiation to ''phishing attacks and hosting malicious codes, he warns when talking about a seemingly innocuous looking mail.
The lure of freebies and discounts during Christmas and the umpteen attractive offers hosted on various websites could seem attractive for many consumers to opt for Christmas discounts, but all the attractively packed free goodies or discounted ones, could carry with them sinister mails of hackers waiting to steal your personal data or destroy your system by planting a host of malicious codes.
Simply browsing an infected Christmas-themed website could allow the code to be executed that exploits the vulnerabilities in software installed on the machine. The vulnerable software could range from the browser itself, to the operating system,to the third party plug-ins. "It is not only exploits that could be run in the case of a drive-by, malicious applications could be secretly installed at the time as a seemingly innocent Santa Claus screen saver is installed into a compromised machine", says Singh whose company recently completed a survey on internet users.
"Don't succumb to the curiousity, double check to see whether the `sender' really send you that lovely greeting", cyber experts said
The sight of pretty snowflakes gently falling on the Christmas tree might all be appealing to your sense of a White Christmas, but cyber experts warn that this animated file is used while a backdoor Trojan is installed.The Dancing Decoy as it is termed, is used to distract the user attention through attractive screen saver, picture and animation to launch the attack.
The user is only aware of the image and has no knowledge of what is happening in the background. This attack could be prevented by not opening e-mail attachments you do not trust. "Watchout for fun-looking videos hosted on websites. They may unleash something you weren't really expecting," says a cyber expert.
It is not just Santa that could slip down the chimney this Christmas to deposit your gifts in the stocking. `Slipping Down the Chimney', is a new internet attack vector that allows the bad guys to slip past anti-virus protection. The technique called script fragmentation, involves breaking down malware into smaller pieces in order to beat malware analysis and engines and could potentially render desktop and gateway anti-virus products useless.
The attack could be avoided by disabling the java script to prevent the attack or trying for solutions which can scan active content. Websense five tips to avoiding being a bait during yuletide and ensuring that only the genuine Christmas cake, wine and turkey reaches your table, is to beware of enticing offers, e-greetings and festive attachments and videos.
