Return to Sender

Over the past few days our ‘ecard’ (also known as Storm, Nuwar or Zhetalin) author has been changing his tactics, having moved away from ‘eCards’ to offers of pornography and then to joining online communities like cookery groups.

It appears that none of these techniques has proved as successful for the malware author, because the campaign has reverted to eCards again.

Reverting back to eCards

Maybe the motivation is to evade antispam products, as the underlying malware has not been modified enough to get past our generic detection (Mal/Dorf-E), and our automated monitoring system is ensuring it stays that way (over 2500 unique addresses have been seen in the past 7 days).

However, I think we can safely predict it’s not over yet. It’s just a matter of what’s next.