In the last few months we have been seeing a rise in the proportion of emails containing malicious attachments. This is something of a throwback to the old days, when worms and Trojan horses were regularly being spread via email rather than being found on compromised websites.
One psychological trick up the hackers’ sleeves that doesn’t seem to have gone out of favour, is to disguise the malware as a electronic greeting card or eCard.
At the moment we’re seeing a lot of spammed-out malicious messages with the subject line “You have received an eCard” pretending to come from legitimate online greeting company 123Greetings.com.
Attached to the emails is an archived file, e-card.zip, which contains a malicious Trojan horse that downloads further malware from the internet – including scareware designed to fool you into purchasing a bogus security product.
Sophos detects the Trojan horse as Troj/DwnLdr-HIW, and the emails as spam. Customers have been automatically updated to defend against it, but users of other vendors’ products may want to ensure that they are also defended.
Maybe it’s time that people learnt that opening an unsolicited email attachment is a truly bad idea? It’s over eight years since the LoveLetter virus (also known as ILOVEYOU or The Love Bug) spread around the world using a similar idea, taking advantage of internet users’ willingness to let their guard down when they think they are receiving a personal message from an unknown admirer or friend.