Cybercriminals are currently spamvertising a “You just received a e-card form somebody” themed malware campaign, impersonating Hallmark.
Subject: You just received a e-card form somebody
Message: Hello, You have just received a Hallmark E-Card!There’s something special about that E-Card feeling.If you want to see your e-greeting-card, click the link below:http://www.hallmark.com/e-greetingsHope to see you soon,Your friends at HallmarkYour privacy is our priority.Click the “Privacy and Security” link at the bottom of this E-mail to view our policy.
Malware link: hxxp://e-card.serveusers.com/e-greetings.exe
Upon clicking on the link, the end user is required to manually download and execute the malicious attachment.
Detection rate: 17 our of 43 signatures-based antivirus scanners detect this as malware
Detected as: Backdoor.IrcBot.ADIT; Backdoor.IRC.Zapchast.zwrc; IRC/Cloner.CA
Upon execution the sample phones back to the following IRC servers, where the infected host awaits further commands from the botnet masters:
- 188.8.131.52: 6667
- 184.108.40.206: 6667
- 220.127.116.11: 6667
Webroot SecureAnywhere customers are protected from this threat.