By Dancho Danchev
Cybercriminals are currently spamvertising a “You just received a e-card form somebody” themed malware campaign, impersonating Hallmark.
Subject: You just received a e-card form somebody
Message:
Hello,
You have just received a Hallmark E-Card!
There’s something special about that E-Card feeling.
If you want to see your e-greeting-card, click the link below:
http://www.hallmark.com/e-greetings
Hope to see you soon,
Your friends at Hallmark
Your privacy is our priority.
Click the “Privacy and Security” link at the bottom of this E-mail to view our policy.
Malware link: hxxp://e-card.serveusers.com/e-greetings.exe
Upon clicking on the link, the end user is required to manually download and execute the malicious attachment.
Detection rate: 17 out of 43 signature-based antivirus scanners detect this as malware
Detected as: Backdoor.IrcBot.ADIT; Backdoor.IRC.Zapchast.zwrc; IRC/Cloner.CA
Upon execution the sample phones back to the following IRC servers, where the infected host awaits further commands from the botnet masters:
- 22.214.171.124:6667
- 126.96.36.199:6667
- 188.8.131.52:6667
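An added example (not code from the original post or from Webroot): a Python triage script that correlates proxy and flow logs against the download URL and IRC servers listed above, separating hosts that only fetched the file from hosts that are checking in. The log formats, client addresses and timestamps are constructed assumptions.

```python
import re

# Indicators copied from the post above.
DOWNLOAD_HOST = "e-card.serveusers.com"
DOWNLOAD_PATH = "/e-greetings.exe"
IRC_C2 = {("22.214.171.124", 6667), ("126.96.36.199", 6667), ("188.8.131.52", 6667)}

# Assumed log formats (constructed for this example, not a real product's):
#   "<ts> PROXY <client_ip> GET <url>"
#   "<ts> FLOW <client_ip> -> <dst_ip>:<dst_port>"
PROXY_RE = re.compile(r"^\S+ PROXY (\S+) GET (?:https?|hxxps?)://([^/\s]+)(/\S*)?$", re.I)
FLOW_RE = re.compile(r"^\S+ FLOW (\S+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$")

def triage(lines):
    """Map each client IP that touched a campaign indicator to a verdict."""
    downloaded, beaconed = set(), set()
    for line in lines:
        line = line.strip()
        if m := PROXY_RE.match(line):
            client, host, path = m.groups()
            host = host.lower().split(":")[0]  # drop an explicit port
            if host == DOWNLOAD_HOST and (path or "").lower().startswith(DOWNLOAD_PATH):
                downloaded.add(client)
        elif m := FLOW_RE.match(line):
            client, dst, port = m.groups()
            if (dst, int(port)) in IRC_C2:
                beaconed.add(client)
    verdicts = {}
    for client in sorted(downloaded | beaconed):
        if client in beaconed and client in downloaded:
            verdicts[client] = "downloaded-and-beaconing"
        elif client in beaconed:
            # C2 check-in without a logged download: other vector or log gap.
            verdicts[client] = "beaconing-only"
        else:
            # The file must be run manually, so a download alone is unconfirmed.
            verdicts[client] = "downloaded-only"
    return verdicts

# Constructed sample log lines (client addresses and timestamps are made up).
SAMPLE = [
    "2000-01-01T10:00:00Z PROXY 10.0.0.5 GET http://e-card.serveusers.com/e-greetings.exe",
    "2000-01-01T10:02:10Z FLOW 10.0.0.5 -> 22.214.171.124:6667",
    "2000-01-01T10:05:00Z PROXY 10.0.0.6 GET http://e-card.serveusers.com/e-greetings.exe",
    "2000-01-01T10:06:00Z FLOW 10.0.0.7 -> 188.8.131.52:6667",
    "2000-01-01T10:07:00Z FLOW 10.0.0.8 -> 192.0.2.10:6667",
    "2000-01-01T10:08:00Z PROXY 10.0.0.9 GET http://www.hallmark.com/e-greetings",
]

if __name__ == "__main__":
    for client, verdict in triage(SAMPLE).items():
        print(client, verdict)
```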
Webroot SecureAnywhere customers are protected from this threat.