Greetings,

I suppose I should start off saying Merry Christmas to everyone. As everyone knows, Christmas is a time when relatives that you didn't know you had, send you an online Christmas card. Unfortunately the bad guys seem to know this too. Over the last few days we have seen a large increase in the number of Storm emails.

Others have also seen this. So it goes without saying, be careful when it comes to viewing online cards. A lot of the malware we see propagates by pretending to be an online card of some sort.

On a similar note, some of you may have noticed that eBay has sent out an email Christmas card. Unlike the hundreds of phishing and/or malicious e-cards we receive at AusCERT, this one is legitimate. The way eBay recommends checking it is legitimate, is to see that it includes "your registered name". While that check does help, we have seen scams that do actually include the persons real name before. Personally, after working at AusCERT for 6 months, I treat every e-card as suspicious and double check things like SSL certificates, URL's and HREF links, and of course file extensions and types.

In other news, this week has seen the release of a new version a Adobe Flash Player. This may be a good time to check that your computer, and any computers you administer, are updated to the latest version of Flash Player.

I hope everyone enjoys the New Year (and the eve before it)!

Regards,
Richard