Xmas eCard Spam - Malicious Downloader
'Tis the season of exchanging greetings, what with Thanksgiving and Xmas rounding out the year's end. Unfortunately, malicious code writers are on the job trying to exploit these occasions by sending out mass spam email greeting cards with attractive and fancy links that serve the purpose of downloading malicious files to a victim's computer.
These eCards are purportedly sent from a legitimate source and try to lure the victim to click on the link to view the eCards, which have underlying tricks to try and infect the computer. With the Xmas bells starting to ring, here is the first incidence where Xmas eCards have started doing the rounds. The URL included in the eCards attempts to download the "sos385.tmp" file, which is a downloader.
In this particular sample below, the "From:" header alias is displaying an eCard from a well-known company; however, it is of course a spoofed header. The spammer has also deliberately inserted the text "(no worm , no virus)" inside the mail body to mislead the victim and entice them to click on the link.
Subject: This is my one-off Xmase-card for you ^_^ Very nice
From: ***** Ecard !!! XXXXX@*mail.com
Date: Sat, 17 Nov 2007 05:11:16 -0600
http://uklotttery.us/?id=ecard << This is my one-off Xmase-card for you ^_^ Very nice
(no worm , no virus)
Please be aware of this and other suspicious emails that are circulating. Do not open any links in emails that have been sent from a sender that you do not know; in fact, it is often best if you don't even open an email if you do not recognize the sender and are not expecting the email in the first place.
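The traits called out in the sample above (an eCard lure in the subject or "From:" alias, a "no worm, no virus" style reassurance in the body, and a link whose host has nothing to do with the sender's domain) can be checked mechanically by a mail filter. The following is an added example, not code from the original post; the message, sender address and link host are constructed placeholders, and the heuristic names are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the message in this post. The sender name,
# address and link host are placeholders, not values from the original mail.
SAMPLE = """\
Subject: This is my one-off Xmas e-card for you ^_^ Very nice
From: "Example Ecard !!!" <someone@freemail.example>
Date: Sat, 17 Nov 2007 05:11:16 -0600

http://greeting-host.example/?id=ecard << This is my one-off Xmas e-card for you
(no worm , no virus)
"""

REASSURANCE = re.compile(r"\bno\s+(worm|virus|trojan|spyware)\b", re.I)
ECARD = re.compile(r"\be-?card\b", re.I)
URL = re.compile(r"https?://[^\s<>\"]+", re.I)


def score_ecard(raw):
    """Return the names of the heuristics that fire for one raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()  # single-part text message assumed
    hits = []
    # 1. Greeting-card lure in the subject or in the From display name.
    if ECARD.search(msg.get("Subject", "")) or ECARD.search(display):
        hits.append("ecard_lure")
    # 2. Unprompted claim that the mail is safe.
    if REASSURANCE.search(body):
        hits.append("safety_reassurance")
    # 3. Link host is neither the sender's domain nor a subdomain of it.
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(body)}
    if any(h != sender_domain and not h.endswith("." + sender_domain)
           for h in hosts if h):
        hits.append("link_host_differs_from_sender")
    return hits


if __name__ == "__main__":
    print(score_ecard(SAMPLE))
```

Any one of these signals is weak on its own; a filter would normally act only when several fire together, as they do for this message.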