1 Reply Latest reply on Dec 29, 2008 8:20 AM by HarryWaldron

    Fake Holiday eCards: Are You Surprised?

      Yesterday, we started to receive reports of emails pretending to carry links to holiday cards. These emails contain a link that points to a file named ecard.exe. Of course, this executable is not a seasonal holiday card but malware. The reason this wave of malware has attracted our attention is that it is very similar to the Storm Worm attacks we were seeing last year.

      Although this attack uses fast-flux to make it harder to trace its web servers and a redirection page very similar to those used by Storm last year, this is not the resurrection of the Storm botnet. Analysis of the binary proves it to be different to Storm. It was programmed using a different programming language and includes different functionalities. This malware, detected as a variant of Win32/Waledac by ESET Antivirus, has no peer-to-peer capabilities and uses an open-source packer instead of the custom packers used by Storm. Also, the Waledac threat has cryptographic capabilities that were not present in Storm.

      What we are observing today is proof that malware authors are learning from each other’s errors and successes. After seeing that Storm was able to infect thousands of systems last year with Christmas-related social engineering, the criminals behind other malware families are now trying to emulate that success.

      Pierre-Marc Bureau
      http://www.eset.com/threat-center/blog/?p=273
        • 1. RE: Fake Holiday eCards: Are You Surprised?
          Thanks Paul for sharing ... Additional info noted below

          Malware e-card spam attacks increase
          Trend is reporting a significant increase in malicious e-cards circulating in email. Users should avoid all e-cards except those from truly legitimate sources. Keeping AV protection up-to-date is also beneficial.

          http://blog.trendmicro.com/merry-malware-greetings-flooding-inboxes/

          QUOTE: A significant amount of e-card spam has flooded inboxes recently, taking advantage of the upcoming holiday season. Spam mails contain holiday greetings and a short message informing users that they have received an e-card from someone. Also in the email is an embedded URL link where the recipient can view or claim their e-card.

          SUBJECT LINES TO AVOID:
          A Christmas card from a friend
          A special card just for you
          Christmas card for you
          Christmas Ecard Notification
          Christmas Ecard Special Delivery
          Christmas greetings e-card is waiting for you
          Christmas greetings for you
          Christmas greetings from your friend
          Christmas Wishes!
          Greeting for you!
          Happy Christmas!
          Have a warm an lovely Christmas!
          I made an Ecard for U!
          I sent you the ecard
          Joyful Christmas!
          Merry Christmas 2009!
          Merry Christmas card for you!
          Merry Christmas e-card is waiting for you
          Merry Christmas greetings for you
          Merry Christmas ‘N Happy New Year!
          Merry Christmas To You!
          Merry Christmas wishes just for you
          Merry Christmas!
          Merry Xmas!
          Warmest Wishes For Christmas!
          Wish You A Merry Christmas!
          Xmas card for you
          Xmas card is waiting for you
          You have a Christmas Greeting!
          You have a greeting card
          You Have An E-card Waiting For You!
          You have received a Christmas E-card
          You have received a Christmas greetings card
          You have received an E-card
          You Received an Ecard.
          You’ve got a Christmas E-card
          You’ve got a Christmas greetings card
          You’ve got a Merry Christmas E-card
          You’ve got a Merry Christmas greeting card
          You’ve got a Xmas e-card
          You’ve got an e-card
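A mail-triage check built from the two indicators given in this thread, the listed subject lines and the link to a file named ecard.exe. This is an added example, not code from ESET, Trend Micro or either poster; the function names, the `example.test` hosts and both sample messages are constructed, and only a subset of the subject list is embedded.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Subset of the subject lines listed in the thread; extend with the full list.
LISTED_SUBJECTS = [
    "A Christmas card from a friend",
    "Christmas Ecard Notification",
    "I made an Ecard for U!",
    "You have received an E-card",
    "You’ve got a Xmas e-card",
]
LURE_FILENAME = "ecard.exe"  # file name reported in the quoted ESET post

def normalize(subject):
    """Lower-case, unify curly quotes, drop RE:/FW: prefixes and punctuation."""
    s = subject.replace("’", "'").replace("‘", "'").lower()
    s = re.sub(r"^\s*((re|fw|fwd)\s*:\s*)+", "", s)
    s = re.sub(r"[^a-z0-9' ]+", " ", s)
    return " ".join(s.split())

KNOWN = {normalize(s) for s in LISTED_SUBJECTS}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw_message):
    """Return the reasons a raw RFC 822 message matches the campaign description."""
    msg = message_from_string(raw_message)
    reasons = []
    if normalize(msg.get("Subject", "")) in KNOWN:
        reasons.append("subject")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            # Compare only the last path segment, ignoring case and query string.
            name = urlparse(url).path.rsplit("/", 1)[-1].lower()
            if name == LURE_FILENAME:
                reasons.append("link:" + url)
    return reasons

# Constructed sample messages (not taken from real traffic).
SAMPLE_LURE = ("From: a@example.test\nSubject: RE: You've got a Xmas E-Card!!\n"
               "Content-Type: text/plain; charset=utf-8\n\n"
               "View your card: http://cards.example.test/ecard.exe\n")
SAMPLE_BENIGN = ("From: b@example.test\nSubject: Quarterly report\n\n"
                 "See https://intranet.example.test/report.pdf\n")
```

Subject matching alone will also flag genuine greetings, so treat it as a weak signal and the executable link as the strong one.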