[Update: so far I have two votes for dumb. Maybe I'm giving this spammer too much credit, and it is a simple "spam template fail" ;-) On the other hand, while I wouldn't vote "evil genius", I'd still love to know how many people actually fall for this - I don't have a problem envisaging a naive victim. :)]

Sophos's Graham Cluley has published a blog about his contender for "the dumbest malware attack he's seen this week": spammed malware received on the 19th March with an attachment that's supposed to be a Christmas card.

Well, I take his point: it does seem pretty stupid.

But let's think about this for a moment. Of course, if you're reading this, you're probably cautious already about opening spammed attachments and less susceptible to this particular social engineering ploy (and, hopefully, running up-to-date security software which might well catch it). But if you were one of the more naive or less well-informed people who do click on attachments without thinking too hard about it, would you be put off by the anachronistic timing? Or would it make you more curious?

I think you might actually want to know who it was from and why it was so late. What do you think?

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence