June 29, 2008That E-Card Isn't From Hallmark
For many years now, malware distributors have sent email messages telling recipients that they have received an e-card, and that they should "click here" to retrieve it. The links to, and bogus identities of, the e-card holders were typically lesser-known e-card businesses—usually a legitimate Mom & Pop type online business whose name had been abused by the crooks.
One of the best known greeting card brands in North America, Hallmark, is being used today in a lure to get unsuspecting victims to load a well-known Trojan onto their systems:
From: "hallmarkonline.com" <firstname.lastname@example.org>
Subject: A Hallmark E-Card from your Friend
If you display the message's image, you see this:
It's rich that the message shows steps to follow if "you're concerned about online security," because if you click anywhere on the image, you actually click a link directly to the Trojan file (card.exe) located on a hijacked web server in the U.K. Clicking the link downloads the file, which, if then opened by you, will install a backdoor for crooks to take over your machine.
Not only do you not get a card from "a friend," but you've just given a great gift to a criminal gang. And it's exactly what they wanted.Posted on June 29, 2008 at 07:13 AM