We've had Dasher trying to disrupt computers over the Xmas period, now Santa Claus himself is trying to get in on the action.
Rather than targeting Windows machines though, the new IM.GiftCom.All worm is using instant messaging to spread its unjolly message. The worm promises to take users of AOL, Yahoo and Microsoft's IM software to a festive Santa site.
But clicking on the link will take users to a different site where a malicious file is downloaded to your computer. The file is difficult to detect with conventional anti-virus tools and also attempts to shut down anti-virus software while it collects personal information, then redistributed over the Internet.
The message comes from someone already present on a user's "buddy list", said Art Gilliland, vice president of products for security company IMlogic. It contains a supposed link to a URL starting "santaclause.aol.com/..."
Users are advised to avoid clicking on anything sent through an instant-messaging system unless they have verified that the file or picture is legitimate and the sender intended to pass it along, Gilliland said.
IMlogic recently identified an instant-messaging bot that produces canned assurances that a file is legitimate when the recipient replies to check its authenticity, so it's important to take extra care to verify the sender's intentions, he said.