Bad tidings as spam spreads malware

SophosLabs are intercepting a major new malicious spam campaign which is disguising itself as a greeting card from “someone who cares about you”.

Malicious greeting card message

The messages, which have been sent to email addresses around the globe, typically read similar to the following:

Good afternoon,
You have just received a postcard Greeting from someone who cares about you..

Please find zip file with your Greeting Card attached to this mail!

Thank you for using services !!!
Please take this opportunity to let your friends hear about us by sending them a postcard from our collection !

The messages come complete with an attached ZIP file ( which contains a malicious payload, designed to infect Windows computers.

Subjects used in malicious Greeting Card campaign

Subject lines being used in the campaign vary somewhat, but here are a few:

You have a new Greeting !!!

New Greeting for you!

Hey, you have a new Greeting !!

You've received a greeting from a family member!

Some of the subject lines also feature women’s names, which may be intended to make the emails more believable.

As you have hopefully twigged by now, opening the attached ZIP file is not to be recommended. Sophos products identify the ZIP file as Mal/BredoZp-B and the enclosed malware as Troj/Agent-NMP.

Maybe if people weren’t so quick to believe everything they read in their email attacks like this wouldn’t work. I guess it’s only human to hope that someone out there really cares about us – but in this case, it’s just a social engineering ruse to trick you into opening a dangerous attachment.