The anatomy of a greeting:
Just opened the mail in the morning and I see in the junk folder an interesting message.
It appeares that someone sent me an e-card, too bad is not my birthday.
The mail looks like this:
Carol has sent an e-card.
Your Greeting card will be available at:
hxxp://greetingcardcalendar.com/ID=?-XXXXX..X-
This card was sent from 123greetings.com!
At first glance this may look valid to anyone. 123greetings.com is a valid websites with some lovely e-cards.
Now the question that arise, is why the link isn't from 123greetings.com ?
So, we downloaded the webpage and had such a "BIG" surprise, it has a link to a "card.exe". Now that's funny.
How many clean exe e-cards from 123greetings have you seen ? The correct answer is NONE
Fortunately, the "card.exe" (MD5:88dfdfa6ba077c18df753f279a51258d) is already detected by us and several antivirus scanners:
Email-Worm.Win32.Iksmas.by(Kaspersky), W32/Waledac.gen.a(McAfee), Trojan:Win32/Waledac.B(Microsoft)
So, we can learn from this e-mail the fact that even if someone sends us a message that appears to be from a valid website, always check the link to see where it points to.
Enjoy :)
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment