More eCard Malware, Now Taking Advantage of Popular Russian Postcard Site
Thought we were done with ecards? Not yet! Just in from our detection center: a new blended threat with emails in Russian and English, purporting to be a postcard from a friend from the popular postcard site postcard.ru, but actually links to a site that tries to download an .exe file to the user’s computer. The scam email links to a malware site, not to the legitimate postcard.ru. The malware site looks like a postcard, however with the added “bonus” of an automatic download:
I visited postcard.ru and sent myself a postcard from the site, just to see what their emails look like. Of course if phishers can design their emails to appear like they are coming from Chase Manhattan or Citibank, then malware writers can easily copy a text email message word for word. But still, it’s uncanny how much the two emails look alike. However the easiest way to tell the two emails apart is to hover the mouse over the hyperlink in the email, so you can see that the malicious email is simply pretending to link to postcard.ru, and is really directing the recipient to a different site.
The malware email:
The legitimate email from postcard.ru:
February 13th, 2008 at 11:21 am
[...] Блог компании Commtouch (лучшие спам-фильтры для корпоративных почтовых серверов в 2007 году) заранее предупредил об опасности, которую следует ожидать в связи с днём Святого Валентина. [...]
February 17th, 2008 at 11:21 am
[...] new, massive outbreak of Russian postcard spam is underway, similar to the previous outbreak I wrote about a few weeks back. We know why spammers [...]
April 26th, 2008 at 2:54 pm
Do you have any information on the threat malware? I got infected a couple of weeks ago (I think my computer is a zombie) and the latest versions of Symantec Antivirus and AVG Free can’t find the infection.