New Blended Attack Uses E-greeting Message
Avinti, the company that develops e-mail security solutions, has warned that a malware-laden e-mail is attacking users' inboxes under the guise of an apparently innocuous e-greeting message.
This new e-mail attack is one of those recent spam greetings that lures users to open the link in the e-mail to view the card on a seemingly legitimate site but actually connects to a malicious code. This blended threat in its latest form shows the subject head, "Movie-quality e-card" and has the sender's e-mail address to convince the recipient and make him/her click on the evil link.
As soon as the recipient clicks on the URL link, it hastens to install a couple of files on his/her computer that captures the user's confidential data. The download process is automatic without requiring any user intervention, said Dave Green, Avinti's CTO. Business Wire published Green's statement on August 15, 2007.
While the e-mail shows plain text, most e-mail clients capture the plain-text URL and display it so that the user can click on it. This way, the e-mail, in the form of plain text, passes through anti-virus gateway without being detected. If, in case, the Web Id fail to get highlighted, the e-mail directs users to copy and paste the URL into their Web browser, Green added.
There has been a growth in blended attacks, as hackers use this tactic more and more to elude detection by conventional signature-based anti-virus solutions. Last few weeks have seen several e-mails carrying URL-based mixed threats. They showed various subject lines like 'Greeting eCard', 'Animated PostCard', and 'Neighbor Sent You a Greeting'. The e-mails generally show highlighted domains of legitimate Websites including egreetings.com, postcards.com, hallmark.com, netfuncards.com, and 2000greetings.com. There would be other versions coming up, as hackers keep changing domain names, IP addresses, URLs, and e-mail names to evade detection.
People should consider these e-mails as malware attacks because hackers use them to infect systems with malicious code that would perform theft of user's data and also expand their botnets, said Green. Users should never click on the IP addresses or URLs highlighted in such type of e-mails, he said.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 29-08-2007