Scriptme.net fresh news

Shaun Nichols in San Francisco, vnunet.com, Friday 25 July 2008 at 02:04:00

Hallmark cards deliver nasty message

Security experts are warning users to vigilant for the latest round of fake greeting card attacks. The spam messages purport to be greeting cards for Hallmark, informing the user that they have been sent a Hallmark e-card. The email contains the same graphics used by the site, appearing at first to be genuine. Unlike authentic Hallmark e-cards, however, the fake greetings contain an attachment. When the user loads the attached .zip file, the attack begins. The trojan .zip archive unpacks a an executable known as postcard.exe as well as a run key to the Windows registry. Upon restart, the run key automatically launches the malicious executable. The program adds the user to a remotely-controlled IRC botnet and then accesses the user's contact list to send out new attack emails. The greeting card attack is hardly a new concept. The infamous Storm worm has made a regular habit of sending fake greeting cards at major holidays in an effort to expand its massive botnet. The fake greeting card tactic is, however, extremely effective, as shown by its longevity. "As long as recipients continue to fall for these old tricks, malware authors and spammers will continue to use them," conceded Matt Sergeant, a senior anti-spam specialist for security firm MessageLabs. Experts advise users to be weary of unsolicited or unexpected greeting cards, and never to open attachments from suspicious emails.