Not another eCard - malware attacks via email

Filed Under: Malware, SophosLabs, Spam

2007 was the year of 'Storm' (also known as Dorf).

One of the social engineering techniques it used (and which probably contributed to its success) was the lure of an electronic greeting card or 'eCard'.

Over the course of the year we had a seemingly endless stream of greetings for practically every conceivable reason: Halloween, Christmas, 4th of July and so on.

Publicity around Storm seems to have died off over recent months, although there is still a lot of discussion about it in the industry.

One thing is for certain, though: fake greeting cards are still popular with malware authors. Looking at the current flood of malware coming into our spam traps, eCards are back with a vengeance!

In this case, the authors aren't even trying to make an excuse for it nearly being Halloween, instead just telling the recipient to open the attachment. Judging by the volumes, they seem to be following the "if I ask often enough, someone will open it" approach. Please don't!!

At the same time, there is another, slightly more sophisticated campaign going on, this time with links to a website and a well-crafted 'fake' message that appears to be from Hallmark cards.

Closer examination shows that the link is not, in fact, to ecards.msn.co.uk but to a site that appears to be hosted in Spain.

So at the risk of offending, if you receive an email saying you've received an 'ecard', you probably aren't as popular as you think you might be. In fact you certainly won't be if you open it, click on it, or do anything other than hit "Delete".
