Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Easter E-Card Virus

Created: 14 Apr 2009 20:09:32 GMT • Updated: 23 Jan 2014 18:35:57 GMT
Vivian Ho's picture
+1 1 Vote
Login to vote

Happy Easter! Are you really blessed? Spammers always have favorite holidays. And while they couldn’t join your family for an egg hunt this year, they didn’t forget to send their greetings during Easter week. During the past week we observed fraudulent e-card notifications spoofing a well known Internet e-card service site.

The message contains legitimate From: and Subject: lines, along with a heart-warming Easter message to make up the body content. Spammers used a legitimate-looking pick up notification hyperlink to lure the recipient to click it. However, a PHP URL is embedded into HTML, which actually links users to another URL where malicious code may be downloaded onto their system.

This is a typical spam tactic, but recipients should still be aware of it during this post-holiday season, since the scam still exists. We urge recipients to be aware of this type of greeting to avoid vicious attacks. Most importantly, do not open emails with suspicious PHP or executable files.

Embedded URL:

hxxp://easter.wow[removed].com/view.php

 

hxxp://[removed].com/[removed]/e-card.gif.exe

Sample message: