Enticing E-cards May Trigger Malware Attacks
The report released by security vendor McAfee Avert Labs in December 2008's first week has revealed two e-card-led spam campaigns that are presently in operation. These e-cards are spreading malware over the Internet, taking advantage of the approaching Christmas holidays, as users easily get attracted during the festive time. Consequently, they may end-up in opening the malicious e-cards.
As per the security experts at McAfee, one of these spam campaigns involves an e-greeting. It links the recipient to an IP address that is hosting an old school IRC/Bot SFX package. They further revealed that the e-mail contains an animated image from a genuine website. However, in actual practice, the IP address (188.8.131.52) belongs to a Hong Kong-based compromised server.
Second spam campaign involves a new worm dubbed "W32/Xirtem@MM". This worm Worm has the capability of spreading by means of peer-to-peer networks and removable storage devices.
W32/Xirtem@MM has a Simple Mail Transfer Protocol (SMTP) engine, which accumulates a large number of its copies to the e-mail addresses obtained from a compromised computer. It makes use of varied subjects like Coca-Cola Christmas promotions, Hallmark E-Cards and McDonalds.
Moreover, to impart a genuine look to the spammed e-mail, animated images inside the mail are straightly borrowed from legitimate parent websites of McDonalds, Hallmark and Coca-Cola, as reported by McAfee in the first week of December 2008.
Meanwhile, spammers are also using their wicked traditional technique to spread Trojan and malware. In this technique, e-cards containing fancy links are sent to the users, which when clicked deliver malware.
Security researchers at McAfee revealed that when a malicious link is clicked, Trojan software gets downloaded onto the user's PC. The e-card appears to be coming from Hallmark asks users to download the attachment in order to obtain their e-cards, as reported by THE TIMES OF INDIA website on December 16, 2008.
However, the most distressing thing for the security experts during this Christmas season is that majority of viruses led by e-cards and Trojan programs are easily tricking traditional antivirus and anti-spam solutions. Hence, the problem is required to be addressed timely.
Related article: Enticing E-mails about Adam Yauch’s Demise Serve Malware
» SPAMfighter News - 25-12-2008