Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Phishers Will Sniff Out Anything of Value | Main | Love Hurts Even More »

June 29, 2008

That E-Card Isn't From Hallmark

For many years now, malware distributors have sent email messages telling recipients that they have received an e-card, and that they should "click here" to retrieve it. The links to, and bogus identities of, the e-card holders were typically lesser-known e-card businesses—usually a legitimate Mom & Pop type online business whose name had been abused by the crooks.

One of the best known greeting card brands in North America, Hallmark, is being used today in a lure to get unsuspecting victims to load a well-known Trojan onto their systems:

From: "hallmarkonline.com" <cards@hallmarkonline.com>
Subject: A Hallmark E-Card from your Friend

If you display the message's image, you see this:

Fake Hallmark e-card notice.

It's rich that the message shows steps to follow if "you're concerned about online security," because if you click anywhere on the image, you actually click a link directly to the Trojan file (card.exe) located on a hijacked web server in the U.K. Clicking the link downloads the file, which, if then opened by you, will install a backdoor for crooks to take over your machine.

Not only do you not get a card from "a friend," but you've just given a great gift to a criminal gang. And it's exactly what they wanted.

Posted on June 29, 2008 at 07:13 AM