Spamvertised “Hallmark ecard” campaign leads to malware


Cybercriminals are currently spamvertising a “You just received a e-card form somebody” themed malware campaign, impersonating Hallmark.

More details:

Subject: You just received a e-card form somebody

Message:

Hello,

You have just received a Hallmark E-Card!
There’s something special about that E-Card feeling.
If you want to see your e-greeting-card, click the link below:
http://www.hallmark.com/e-greetings

Hope to see you soon,
Your friends at Hallmark

Your privacy is our priority. Click the “Privacy and Security” link at the bottom of this E-mail to view our policy.

Malware link: hxxp://e-card.serveusers.com/e-greetings.exe

After clicking the link, the end user must manually download and execute the malicious executable.

Details on e-greetings.exe

Detection rate: 17 out of 43 signature-based antivirus scanners detect this as malware

MD5: 1cd3a366d926ecc90a5ef9a8de9f3be2

SHA256: 4028fffd6e4b7296564ee86c799b221ada0f97824469c0133102654b11a6b024

Detected as: Backdoor.IrcBot.ADIT; Backdoor.IRC.Zapchast.zwrc; IRC/Cloner.CA

Upon execution the sample phones back to the following IRC servers, where the infected host awaits further commands from the botnet masters:

  • 194.109.20.90:6667
  • 208.83.20.130:6667
  • 211.75.246.205:6667

Webroot SecureAnywhere customers are protected from this threat.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

