Bad tidings as Greeting_Card.zip spam spreads malware


SophosLabs are intercepting a major new malicious spam campaign which is disguising itself as a greeting card from "someone who cares about you".

Malicious greeting card message

The messages, which have been sent to email addresses around the globe, typically read something like the following:

Good afternoon,
You have just received a postcard Greeting from someone who cares about you..

Please find zip file with your Greeting Card attached to this mail!

Thank you for using www.Greetings.com services !!!
Please take this opportunity to let your friends hear about us by sending them a postcard from our collection !

The messages come complete with an attached ZIP file (Greeting_Card.zip) which contains a malicious payload, designed to infect Windows computers.

Subjects used in malicious Greeting Card campaign

Subject lines being used in the campaign vary somewhat, but here are a few:

You have a new Greeting !!!

New Greeting for you!

Hey, you have a new Greeting !!

You've received a greeting from a family member!

Some of the subject lines also feature women's names, which may be intended to make the emails more believable.

As you have hopefully twigged by now, opening the attached ZIP file is not to be recommended. Sophos products identify the ZIP file as Mal/BredoZp-B and the enclosed malware as Troj/Agent-NMP.

Maybe if people weren't so quick to believe everything they read in their email, attacks like this wouldn't work. I guess it's only human to hope that someone out there really cares about us - but in this case, it's just a social engineering ruse to trick you into opening a dangerous attachment.
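A mail-gateway triage check built from the indicators described above (the Greeting_Card.zip attachment name and the listed subject lines), as an added example that is not from the original article or from Sophos. The executable-extension list, the function names and the constructed sample message are assumptions, and the subject variants that carry women's names are not covered.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the article: attachment name and subject lines.
ATTACHMENT_NAME = "greeting_card.zip"
SUBJECTS = {
    "you have a new greeting",
    "new greeting for you",
    "hey, you have a new greeting",
    "you've received a greeting from a family member",
}
# Assumption (not from the article): extensions treated as Windows-executable.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def normalise(subject):
    """Lower-case, collapse whitespace, strip trailing '!' and spaces."""
    return " ".join(subject.lower().split()).rstrip("! ")

def triage(raw):
    """Return the campaign indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if normalise(msg["Subject"] or "") in SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name != ATTACHMENT_NAME:
            continue
        hits.append("attachment-name")
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                if any(n.lower().endswith(EXEC_EXTS) for n in zf.namelist()):
                    hits.append("executable-in-zip")
        except zipfile.BadZipFile:
            hits.append("unreadable-zip")
    return hits

def build_sample(subject, filename, member):
    """Constructed test message; the ZIP member holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("You have just received a postcard Greeting...")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=filename)
    return msg.as_bytes()
```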


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.