Happy HallowEcard


As much as we wish ecard spam was gone, we can’t say we’re surprised to see Halloween-themed ecard messages. As usual, they’re back with only a few words of content, the usual IP address link, and this time a seasonal subject header about Halloween such as “Happy Halloween” and “Dancing Bones”. When you click the link, you see a page as follows.

[Image: Halloween Ecard]

As tempting as it sounds to play a funny sexual Halloween game with a dancing skeleton, I opted not to give the game a try. The page contains some malicious JavaScript code (detected as Troj/JSXor-Gen) which tries to get you to download a number of infected files. The link on the page itself points to a “halloween.exe” file, which is detected as Mal/Behav-146.

Interestingly enough, while doing analysis on the site, we refreshed the page a few minutes after first visiting it, only to find a new image for users to click.

[Image: Halloween Ecard 2]

It’s a lot prettier than their first attempt at a page, which in turn could make it a little more convincing for users to download the file.

It should be interesting to see what new variation they come up with next.
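
The traits described above (a few words of content plus a link to a bare IP address, under a subject line that changes with the season) can be checked at the mail gateway without relying on the subject at all. The following is an added example, not code from the original post; the function names, the `MAX_WORDS` threshold and both sample messages are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
MAX_WORDS = 25  # assumed cut-off for "only a few words of content"

def ip_literal_urls(text):
    """Return the URLs in text whose host is a raw IP address."""
    hits = []
    for url in URL_RE.findall(text):
        try:
            ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:  # hostname is a name, or the URL is malformed
            continue
        hits.append(url)
    return hits

def body_text(msg):
    """Concatenate every text/* part of a parsed message."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def score_message(raw):
    """Return the reasons a message looks like this ecard spam.
    The subject is ignored on purpose: the theme changes with the season."""
    body = body_text(message_from_string(raw))
    urls = ip_literal_urls(body)
    words = len(URL_RE.sub("", body).split())
    reasons = []
    if urls:
        reasons.append("ip-literal-link")
        if words <= MAX_WORDS:
            reasons.append("short-body")
    return reasons

# Constructed samples; 192.0.2.0/24 is a documentation-only address range.
SAMPLE_SPAM = ("Subject: Dancing Bones\nFrom: sender@example.com\n\n"
               "Someone sent you an ecard. http://192.0.2.10/\n")
SAMPLE_HAM = ("Subject: Happy Halloween\nFrom: friend@example.com\n\n"
              "Party photos are at https://photos.example.com/album see you there\n")

if __name__ == "__main__":
    for name, raw in (("spam", SAMPLE_SPAM), ("ham", SAMPLE_HAM)):
        print(name, score_message(raw))
```

Both samples carry a Halloween subject, yet only the one with the IP-literal link and near-empty body is flagged, so the check keeps working when the theme changes.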