Like us, cybercriminals enjoy the festive season and that can sometimes reflect in their malicious activities. In 2011 we saw a Zeus banking trojan Panel - a user interface for herding Zeus-infected machines - with a Christmas themed background.
Today, we came across a website providing free Christmas graphics along with an early but unwanted Christmas present. The website christmas-graphics-plus[.]com is injected with malicious code that leads users on a virtual sleigh ride to Angler Exploit Kit (EK) and drops the new CryptoWall 4.0 ransomware. If you were to visit this grotto, then all of your documents would be encrypted and held to ransom - including your Christmas card address book. The real Nightmare Before Christmas.
