PC users are being spoiled rotten this year: another piece of malware purporting to be a message from Santa is delivering surprise gifts over the Internet disguised in an electronic greetings card.The Trojan horse “MerryX.A” is delivered in an e-mail which encourages the recipient to open an attached “animation”. While the animation of Santa Claus delivering presents plays, a piece of malware hiding behind the name “SQLServer.exe” is installed on PCs running Windows, according to security staff at Panda Software SL’s PandaLabs.The software transmits information about the infected computer to a remote server, and then attempts to download files, which could include other malware, Panda said.Earlier this week, security researchers identified an instant-messaging (IM) worm, IM.GiftCom.All. Once it has infected a computer, the worm searches the contact databases of installed IM applications, and sends messages to the contacts it finds, encouraging them to visit a Web site. If the recipients click on the link, the Web site attempts to download another piece of malware to infect their PCs, which in turn spread the message further. The end-of-year holidays provide plenty of opportunities for malware writers to hone their social-engineering skills, as Internet users are unsurprised to receive brief messages with a seasonal theme from long-lost friends or distant business contacts.This time last year, someone modified the Zafi e-mail worm to spread itself in a message entitled “Merry Christmas.” As at any other time of year, security researchers advise users that the best defense is to check out unsolicited attachments or Web links with the purported sender before opening or clicking on them.By Peter Sayer – IDG News Service (Paris Bureau) Related content opinion Preparing for the post-quantum cryptography environment today It’s a mistake to put off the creation of precautions against quantum threats, no matter how far in the future you might think quantum computing will become a reality. By Christopher Burgess Sep 26, 2023 5 mins CSO and CISO Encryption Threat and Vulnerability Management feature What is WorldCoin's proof-of-personhood system? What does the blockchain, AI, and custom hardware system featuring a shiny, eye-scanning orb mean for the future of identity access management? By Matthew Tyson Sep 26, 2023 12 mins Cryptocurrency Cryptocurrency Cryptocurrency news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Government Incident Response news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Cyberattacks Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe