It’s been extremely busy on the spam front this Labor Day Monday, in particular this morning with a large new ecard campaign, and, as predicted only a few days ago, it’s morphed again.
Today’s offering shows that the author is deliberately targeting a North American market, since it’s based around the Labor Day holiday itself. With subject lines including “Happy Labor Day”, “A Labor Day E-Card” and “The Big Labor Day Weekend”, the spam claimed to have links to a wide range of legitimate websites, including MSN, Yahoo and Google (e.g. addresses starting http://msn.com/funny/laborday?, http://yahoo.com/07greetings/laborg? and http://google.com/funcard/hol07?) – of course the links themselves pointed to compromised computers instead.
If you fell for this social engineering and followed the link, you found yourself at a page with the image shown above and an instruction to “Click on the image, download the file and then press Run. Enjoy!”. If you followed these directions you ended up with the file labor.exe, detected proactively as Mal/Dorf-A since the start of August – a fact that made my Labor Day, anyway.