Tuesday, June 12, 2007

Just what Dad doesn't need for Father's Day - a Hallmark card with a Trojan hidden inside

This isn't the first time that malicious software has been sent disguised as an e-card, but when something works, scammers often use it time and time again.

Mary Landesman of About.com is warning all of us:

The latest greeting card scam is once again targeting Hallmark. The bogus email claims "you have recieved a Hallmark E-Card!" The first tip-off for the security conscious should be the misspelled 'recieved' - it's I before E except after C (or when sounded like A as in neighbor and weigh). One would assume the prose experts at Hallmark would know their receive from their recieve - which, of course, they would. In any event, the message doesn't even read like a real Hallmark notice, which always identifies the sender by name and gives you an alternate link URL that you can copy and paste in lieu of blindly clicking a link. Why is this important? Because a real Hallmark URL doesn't point to an IP address followed by 'postcard.exe' - which the malicious link does.

Here is information on the particular trojan being delivered in these e-cards, but this could change tomorrow, or might have already. There is a lot of malicious software out there.

And just what does this latest greeting card scam deliver? Like most others, it dishes up a variant of the Zapchast Trojan. Zapchast installs an Internet Relay (IRC) chat client and causes the infected computer to connect to an IRC channel. Attackers then use that connection to remotely command the machine. And you thought forgetting your birthday was bad.

Sounds like another method of turning a computer into a zombie, which is normally used to help spread more spam. Spam is a vehicle for most Internet scams, or at the very least, questionable products.

Spam is reaching epidemic proportions and seems to be getting past a lot of spam filters recently. A good place to learn about spam, or to fight it, is spam.abuse.net.

About.com story, here.
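
The tell-tale in the quoted warning above, a link that points to an IP address followed by 'postcard.exe', can be checked mechanically before anyone clicks. The Python below is an added example, not part of the original post or the About.com story; the function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed list of directly runnable Windows extensions (not from the post).
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".bat", ".cmd")

class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def host_is_ip_literal(host):
    """True when the URL host is a raw IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def suspicious_links(html_body):
    """Return [(url, [reasons])] for links matching the e-card lure."""
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for url in collector.hrefs:
        try:
            parts = urlsplit(url.strip())
        except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
            continue
        reasons = []
        if parts.hostname and host_is_ip_literal(parts.hostname):
            reasons.append("host is an IP address")
        if parts.path.lower().endswith(EXECUTABLE_EXTENSIONS):
            reasons.append("path ends in an executable extension")
        if reasons:
            findings.append((url, reasons))
    return findings

# Constructed sample message; 192.0.2.10 is a documentation-only address
# and www.example.com stands in for a legitimate sender's link.
SAMPLE = """<p>You have recieved a Hallmark E-Card!</p>
<a href="http://192.0.2.10/postcard.exe">Click here to view your card</a>
<a href="http://www.example.com/ecards/view?id=123">View card</a>"""
```

Calling `suspicious_links(SAMPLE)` flags only the first link, with both reasons attached, and leaves the name-based link alone.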


worriedinWA said...

The number of fake ecards in my inbox is growing daily. Could this be connected to Certegy? I'm livid. The misappropriated bank account information is the account held jointly with my 95 yr. old grandmother.

Ed Dickson said...

Not very likely the two tie in together. A lot of people not associated with the Certegy breach are getting these card spam e-mails.

Don't click on them - they normally contain malicious software designed to take over your computer.