Watch Out for Emails With 'Christmas Party' as the Subject Line

The end of the year holidays are around the corner. Under normal circumstances, we would all be planning holiday parties, but 2020 is the year of lockdowns, quarantines, and super viruses. Because of this, we are unlikely to organize or attend office parties. Nonetheless, you might receive emails about such parties anyway, and if you do, you have to remember the 'Christmas Party' Email Virus. Are you familiar with an infection called the Emotet Trojan? If you are not, let us warn you that this malware is one of the most notorious threats of the past few years. Last year, researchers discovered that it was spreading with the help of the 'Christmas Party' Email Virus, but although the pandemic might have ruined our holiday plans, the attackers behind the Emotet Trojan might still use the same campaign this year.

It is unlikely that you can find a person who has not received a phishing email in their lives. Normally, these go straight to the spam folder, and we remove them without thinking much about it. However, normal emails tend to be identified as spam too, which confuses people. And that is especially true for work emails. It can be detrimental for business to ignore or remove a completely harmless email from the spam folder, which is why workers are more likely to investigate those. Well, this is good news for the 'Christmas Party' Email Virus. Last year, this email used at least two unique subject lines, including “Christmas party” and also “Christmas Party next week.” The message inside suggested looking at an attached file that, supposedly, introduced the menu for the Christmas party. Several different versions of the attachment were found, and their names were “Christmas party.doc” and “Party menu.doc.” Upon opening this file, the recipient was asked to enable editing or enable content, and if the button was clicked, macros was executed, and the malicious Emotet Trojan was downloaded.

The Emotet Trojan is not feared for no reason. According to our malware experts, this malware has no problem downloading and executing additional threats. In many cases, these are banking trojans, info stealers, and keyloggers. The trojan is known to be capable of performing brute-force attacks, which can be used to breach accounts protected by weak, easy-to-guess passwords. Emotet can also steal login data that is saved within browsers and email clients, and it can spread itself across the network via network shares over the SMB protocol. It is very helpful that the threat can also read contacts from the email address book and send phishing emails. This is why the 'Christmas Party' Email Virus can address specific people, making the phishing email that much more believable. If the 'Christmas Party' Email Virus is sent from someone within the company, it might not even be flagged as spam or dangerous immediately. This is why you should always pay attention to even the smallest details. Does it make sense that the sender is responsible for contacting people about a Christmas party? Are you working remotely, and it makes no sense that anyone is planning a Christmas party during the pandemic? Pay attention.

The strength of cybercriminals is that they are quick to adapt. Perhaps, we will not see the 'Christmas Party' Email Virus spreading this year. However, a similar phishing email could be set up to help the Emotet Trojan spread once more. You could be sent a Thanksgiving email with an attached “thank you card” or a New Years Bonus email with an attached document that, supposedly, details the bonus information. The Emotet Trojan is not dead, and the attackers behind it could come up with all kinds of schemes to help it proliferate. Therefore, you have to be very cautious about what emails you receive and, most importantly, interact with. If you are responsible for a team or an entire office, take an hour to organize a security meeting to educate your colleagues, or, at the very least, send a memo warning about how to recognize phishing emails and how to report them to the internal IT team.