Happy HallowEcard


As much as we wish ecard spam were gone, we can't say we're surprised to see Halloween-themed ecard messages. As usual, they're back with only a few words of content, the usual IP address link, and this time a seasonal subject header about Halloween such as "Happy Halloween" and "Dancing Bones". When you click the link, you see the following page.

[Image: Halloween Ecard]

As tempting as it sounds to play a funny sexual Halloween game with a dancing skeleton, I opted not to give the game a try. The page contains malicious JavaScript code (detected as Troj/JSXor-Gen) which tries to get you to download a number of infected files. The link on the page itself points to a "halloween.exe" file, which is in turn detected as Mal/Behav-146.

Interestingly enough, while analysing the site we refreshed the page a few minutes after first visiting it, only to find a new image for users to click.

[Image: Halloween Ecard 2]

It's a lot prettier than their first attempt at a page, which in turn could make it a little more convincing for users to download the file.

It should be interesting to see what new variation they come up with next.
