Have you received email messages in the last several weeks with several random words in the subject line, and a random sentence in the message body? If your answer is yes, then you are one of the victims of the ongoing directory harvesting attack (DHA) by spammers.
The purpose of a DHA is to find valid email addresses on a domain for future spam attacks. During a DHA attack, any addresses for which the recipient’s email server accepts email are considered valid and will be added to the spammer’s address database to include in future spam attacks.
Fake e-card pickup notices are typically used to deliver malware; however, in the past several weeks Symantec has noticed a series of online pharmacy attacks employing the same strategy. To pick up an e-card, the recipient must click on a link in the message. These links take you to the e-card site and display your card. As with an e-card malware attack, the spammer has replaced this link with one of their cleverly crafted URL traps.
The observed messages appear as if they were sent from some of the more well known online greeting card service providers. However, unlike any legitimate e-card pickup notices, the link will redirect you to an online pharmacy site selling their wares at discount prices.
Here is what the message looks like in an inbox:
A legitimate e-card collection notice will usually provide the name or...
Last month we reported that spammers had used Twitter as bait to lure innocent victims into a phishing trap, and now we’re seeing a wave of fake Twitter invitations that come carrying a mass-mailing worm. The observed messages appear as if they have been sent from a Twitter account; however, unlike a legitimate Twitter message, there is no invitation URL present in the body. Instead, the user will see an attachment that appears as a .zip file that purportedly contains an invitation card.
Invitation Card.zip is the name of the malicious attachment, and it is being identified as W32.Ackantta.B@mm, which was first discovered in an e-card virus attack in February. W32.Ackantta.B@mm is a mass-mailing worm that gathers email addresses from the compromised computer and spreads by copying itself to removable drives and shared folders.
