telecoms
Applications
Broadband
Digital Content
Fabric
Mobile
pcs
Chips
Graphics
Hardware
Internet
Notebooks
Peripherals
Servers
Software
Unusual
outsourcing
BPO
Outsourcing
CRM
business
Financials
Legal
Logistics
Resellers
Retail
Security
NewsNow
RSS Feed
Friday, 5 December 2008 07:27 UK Bengaluru, India


 

Hallmark e-Card Trojan back

For idiots who didn't catch it the first time

By Dave Murray @ Thursday, July 24, 2008 7:10 PM

 
 

There has been a sudden upsurge in the number of cases of people falling for the 'You've received a Hallmark E-Card!' scam.

Messagelabs has identified and intercepted emails from 25,000 IP addresses containing a new virus that arrives from sender postcards@hallmark.com with the subject line, and an attachment entitled postcard.zip.

The postcard scam used to be the scam of choice for the Storm botnet however this one appears to have few new twists on the theme. In a press release Messagelabs said that instead of linking directly to the malware hosted on a compromised web server somewhere, the malware is disguised as an attachment.

When executed, the Trojan copies itself to the Windows system directory as a file called postcard.exe and adds a run key to the windows Registry so that it will run itself when the computer re-boots. The Trojan recruits the victim computer to an IRC botnet. It then immediately sends out emails with the virus attached to other email addresses, some of which are found by scanning the victim's computer.

While it might seem strange that virus writers would bother using such an old trick to get people to download what is obviously a Trojan, Matt Sergeant, Senior Anti-Spam Technologist, MessageLabs said that if it works, then the malware authors and spammers will continue to use them. X

 
Copyright 2008 - ITExaminer.com  Terms Of Use  Privacy Statement  Contact Us