Beware of Hallmark E-Card

by on 12/06/2008 in Internet, Software

According to CA (Computer Associates) beware of any Hallmark E-Cards in your inbox. It may seem safe and genuine sent from a family or friend, but this malware can cause havoc to your computer. We recommend that you keep a watchful eye out for deceptive Christmas ‘promotions’ or e-cards.

From CA: Using the happy subject line “You have received [sic] A Hallmark E-Card”, Win32/Mytob variants attached to spam emails have been getting around lately. The team at CA ISBU labs has monitored Mytob’s increased activity especially towards the end of Q3 2008, and you can read more by visiting the Win32/Mytob.OM and Win32/Mytob.ON malware analyses in our encyclopedia.

Now that we’ve turned the corner into the Yuletide season, we expected Win32/Mytob variants to spice up the social engineering with festive spirit, and unfortunately we were not disappointed. Today we received a new Win32/Mytob variant disguised as a Hallmark e-card, as well as McDonalds and Coca-Cola Christmas promotions. We detect the malware as Win32/Mytob.OO, and it uses this deceivingly friendly Christmas snowman file icon:

Win32/Mytob.OO uses this icon to hide its nefarious intentions.

Below are full details of three spam emails sent by Win32/Mytob.OO. In the first spam email, the worm poses as a Hallmark e-card with these characteristics:

From:
postcards@hallmark.com

Subject:
You have received [sic] A Hallmark E-Card

Message:

Hello!

You have received [sic] a Hallmark E-Card from your friend. To see it, check the attachment. There’s something special about that E-Card feeling. We invite you to make a friend’s day and send one. Hope to see you soon, your friends at Hallmark your privacy is our priority. Click the “Privacy and Security” link at the bottom of this E-mail to view our policy.

Attachment: postcard.zip

Source: Computer Associates

7 Responses to “Beware of Hallmark E-Card”

  1. Jilli Hunter

    Dec 6th, 2008

    I believe the once practiced method of eunuchating a male spammer into a full blown eunuch for the purpose of preventing anymore ‘screwing’ around with other people’s computers should begin immediately. Though my tools and implements for this purpose are slightly rusty from not enough use, I will however, supply free of charge, a gag to control screams of neutering being a bother to any within hearing distance. Call me, my service is free.

  2. Frank J

    Dec 6th, 2008

    I love my Jilli, as no one can say it so well!

  3. Geoserv

    Dec 6th, 2008

    STUMBLED!

    haha…well put Jilli.

    I am so sick of these viruses etc…, when will it end, oh yeah, NEVER!

  4. Tim

    Dec 7th, 2008

    With the holiday season upon us, people will be sending their greetings via paper and electronic greeting cards. While paper cards will consist majority of this tradition, ecards have their places. Sending ecards are much more environment friendly. It is also economical, particularly during our current financial downturn.

    However, there are a few precaution that one needs to be aware of when one receives ecards.

    * Make sure you recognize the sender’s name. The sender’s FULL name should ALWAYS be included in the subject line (and sometimes in the “from” field) of the email.

    * The web site should be easily identified in one or more of the following places: the “from” field, the subject line, or in the email itself.

    * Do NOT click any links with simple IP address. In a fake ecard email, the IP address may be hidden and can only be seen by hovering your cursor over the link or right clicking on the link to view properties. The link should not be a series of number (e.g. 169.180.1.15, commonly referred to as an IP address).

    * An ecard email should NOT have any attachment of any kind. The recipient will go to the web site to “pick up” (i.e. view) the ecard.

    * Legitimate ecard emails will always include an option to pick up the ecard by typing the web site address and enter a code.

    * Use a webmail or email application that has good spam filter. My experience with Gmail has been very good. It filters out almost all spam mail.

  5. DemoGeek

    Dec 7th, 2008

    I never opens up any of these e-Card emails anyway! Most of them always looked fishy.

  6. Frank J

    Dec 7th, 2008

    Tim,

    That is great advice and I hope many will follow it. Thank you for the comment and tips!

  7. Frank J

    Dec 7th, 2008

    We all are sick of cyber-crime!