CyberInsecure.com

Daily cyber threats and internet security news alerts
November 27th, 2008

Infecting Christmas E-greetings Are Distributed Via Spam

Websense Security Labs has discovered that malware authors are already using Christmas themes this year as a social engineering tactic, in an effort to gain control over compromised machines. This campaign uses email messages in the form of e-greetings, leading to supposed animated postcards. These actually lead to a Trojan backdoor that has been distributed in previous malicious spam campaigns.

The email messages, spoofed to appear as though they have been sent from postcards.org, display an animated Christmas scene. A URL link within the email leads to a malicious file called postcard.exe hosted on various servers, including those in the .com domain space.

Once executed, a backdoor is created by the malware author enabling access and control over the resources of the compromised machine. Control is conducted over IRC, communicating with ircserver.*snip*.la. During the install process an image called xmas.jpg is displayed to the user as a distraction technique.

Example of malicious email:

Email, Bookmark or Share:
  • E-mail this story to a friend!
  • Digg
  • del.icio.us
  • StumbleUpon
  • Reddit
  • Technorati
  • Slashdot
  • Propeller
  • Google
  • Live
  • YahooMyWeb
  • TwitThis
  • Facebook
  • LinkedIn
More on CyberInsecure:
  • Malaysian Kaspersky Antivirus Website Has Been Hacked In An SQL Injection Attack
  • Storm Botnet Is Behind 20 Percent Of Internet Spam
  • Anti Fraud Site Bobbear.co.uk Hit By A DDoS Attack
  • Botnet Spams 60 Billion Emails A Day
  • Malware Infected Spam Threatens To Suspend Internet Access

    • Posted in Malware, Spam, Trojans & Worms | Print This Post Print This Post

    This entry was posted on Thursday, November 27th, 2008 at 2:25 pm and is filed under Malware, Spam, Trojans & Worms. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Infecting Christmas E-greetings Are Distributed Via Spam

    One Response to “Infecting Christmas E-greetings Are Distributed Via Spam”

    1. secman Says:
      November 28th, 2008 at 2:09 am

      redirecting technique is too familiar for spam , i dont like it , cheating !! simple wthot tech knowledge !

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Click to hear an audio file of the anti-spam word

    « « CBS.com Subdomain Compromised, Installing Malware On Visitors PC’s
    Paypal Is Being Used In Popular Nigerian 419 Scam » »