March 16, 2009
Malware-Laden Ecards Keep Coming
It's an oldie but apparently a goodie: an email message that claims to come from a legitimate e-card company bearing an attachment that will be cause for anything but a celebration.
The message sender in the one I saw today went to some lengths to recreate the look and feel of the americangreetings.com web site—a genuine service of a well-known (here in the U.S.) company, American Greetings. Except for one rendering glitch in my email reader, it has all the right elements:
I mean, who can resist an email with a picture of kittens wearing Photoshopped party hats?
The email claims to display the start of an e-card message, the remainder of which is promised to be in the attached file, e-card.zip. There is no identification of the sender, and the false message beginning is so generic, it could be in a printed greeting card at the store. On the other hand, all of the links on the page go to real americangreetings.com pages. That could help some recipients believe the message and attachment are legit.
A VirusTotal run of the file comes up with hits for nearly 60% of the tested antivirus brands. It is most commonly identified as being of the Buzus class, which opens a backdoor to an infected PC, allowing it to be pwned via IRC.
Tell your friends and neighbors.
Posted on March 16, 2009 at 08:53 AM