Fake Holiday eCards: Are You Surprised?

Yesterday, we started to receive reports of emails pretending to carry links to holiday cards. These emails contain a link that points to a file named ecard.exe. Of course, this executable is not a seasonal holiday card but malware. The reason this wave of malware has attracted our attention is that it is very similar to the Storm Worm attacks we were seeing last year.

Although this attack uses fast-flux to make it harder to trace its web servers and a redirection page very similar to those used by Storm last year, this is not the resurrection of the Storm botnet. Analysis of the binary proves it to be different to Storm. It was programmed using a different programming language and includes different functionalities. This malware, detected as a variant of Win32/Waledac by ESET Antivirus, has no peer-to-peer capabilities and uses an open-source packer instead of the custom packers used by Storm. Also, the Waledac threat has cryptographic capabilities that were not present in Storm.

What we are observing today is proof that malware authors are learning from each other’s errors and successes. After seeing that Storm was able to infect thousands of systems last year with Christmas-related social engineering, the criminals behind other malware families are now trying to emulate that success.

Pierre-Marc Bureau
http://www.eset.com/threat-center/blog/?p=273
1 Reply

RE: Fake Holiday eCards: Are You Surprised?

Thanks Paul for sharing ... Additional info noted below

Malware e-card spam attacks increase
Trend is reporting a significant increase in malicious e-cards circulating in email. Users should avoid all e-cards except those from truly legitimate sources. Keeping AV protection up-to-date is also beneficial.

http://blog.trendmicro.com/merry-malware-greetings-flooding-inboxes/

QUOTE: A significant amount of e-card spam has flooded inboxes recently, taking advantage of the upcoming holiday season. Spam mails contain holiday greetings and a short message informing users that they have received an e-card from someone. Also in the email is an embedded URL link where the recipient can view or claim their e-card.

SUBJECT LINES TO AVOID:
A Christmas card from a friend
A special card just for you
Christmas card for you
Christmas Ecard Notification
Christmas Ecard Special Delivery
Christmas greetings e-card is waiting for you
Christmas greetings for you
Christmas greetings from your friend
Christmas Wishes!
Greeting for you!
Happy Christmas!
Have a warm an lovely Christmas!
I made an Ecard for U!
I sent you the ecard
Joyful Christmas!
Merry Christmas 2009!
Merry Christmas card for you!
Merry Christmas e-card is waiting for you
Merry Christmas greetings for you
Merry Christmas ‘N Happy New Year!
Merry Christmas To You!
Merry Christmas wishes just for you
Merry Christmas!
Merry Xmas!
Warmest Wishes For Christmas!
Wish You A Merry Christmas!
Xmas card for you
Xmas card is waiting for you
You have a Christmas Greeting!
You have a greeting card
You Have An E-card Waiting For You!
You have received a Christmas E-card
You have received a Christmas greetings card
You have received an E-card
You Received an Ecard.
You’ve got a Christmas E-card
You’ve got a Christmas greetings card
You’ve got a Merry Christmas E-card
You’ve got a Merry Christmas greeting card
You’ve got a Xmas e-card
You’ve got an e-card
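
The two indicators described in this thread, a subject line from the list above and a link that points directly at an executable such as ecard.exe, can be checked at the mail gateway. The following is an added example, not part of the original posts or of any vendor's product; the function names, the verdict policy and the sample message (with its example.test hosts) are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from urllib.parse import urlparse

# A few of the subject lines listed above; extend with the rest of the list.
SUBJECTS = [
    "Christmas Ecard Notification",
    "You have received an E-card",
    "You’ve got a Xmas e-card",
    "Merry Christmas ‘N Happy New Year!",
]
# Constructed sample message (not a captured spam mail).
SAMPLE = ("From: friend@example.test\nSubject: You have received an E-card\n"
          "Content-Type: text/plain; charset=utf-8\n\n"
          "View your card: http://cards.example.test/ecard.exe\n")

def norm(s):
    """Lowercase, fold curly quotes, drop punctuation, collapse whitespace."""
    s = s.replace("’", "'").replace("‘", "'").lower()
    s = re.sub(r"[^a-z0-9' ]+", " ", s)
    return " ".join(s.split())

KNOWN = {norm(s) for s in SUBJECTS}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def exe_links(text):
    """Return URLs whose path ends in .exe, ignoring any query string."""
    return [u for u in URL_RE.findall(text)
            if urlparse(u).path.lower().endswith(".exe")]

def triage(raw):
    """Check one raw message for a listed subject and direct .exe links."""
    msg = message_from_string(raw)
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    body = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    hits = exe_links(body)
    subj_hit = norm(subject) in KNOWN
    # Assumed policy: a direct .exe link blocks; a subject match alone is reviewed.
    verdict = "block" if hits else ("review" if subj_hit else "pass")
    return {"subject_match": subj_hit, "exe_links": hits, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Subject matching alone is weak because the wording changes from wave to wave; the link to an executable is the more durable signal.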