E-greeting continues

Mails sent from egreetings.com with malicious links are still floating around. The subject lines of these mails are formed from the keywords below:

You’ve received [a|n] [greeting|] [postcard|ecard] from a [admirer|class-mate|colleague|family member|friend|mate|neighbor|neighbour|partner|school friend|school mate|school-mate|worshipper]!

Here is one such subject line: "You’ve received a greeting card from a class mate!"
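A mail-filter check built from that template, as an added example that is not part of the original post. It assumes "[a|n]" means "a" or "an", and its loose mode (an assumption added here) also accepts a bare "card" and space/hyphen variants, because the quoted sample subject does not fit the template exactly.

```python
import re

# Keyword lists copied from the subject template quoted in the post.
CARD_WORDS = ["postcard", "ecard"]
SENDERS = [
    "admirer", "class-mate", "colleague", "family member", "friend", "mate",
    "neighbor", "neighbour", "partner", "school friend", "school mate",
    "school-mate", "worshipper",
]

def _alt(words, loose):
    """Regex alternation; in loose mode a space or hyphen inside a keyword
    is optional and interchangeable ("class-mate" also hits "class mate")."""
    if loose:
        pats = ["[ -]?".join(map(re.escape, re.split(r"[ -]", w))) for w in words]
    else:
        pats = [re.escape(w) for w in words]
    return "(?:" + "|".join(pats) + ")"

def build_pattern(loose=False):
    # Assumption: "[a|n]" in the template means "a" or "an".
    # Assumption (loose only): bare "card" is accepted, because the sample
    # subject in the post says "greeting card", which the template lacks.
    cards = CARD_WORDS + (["card"] if loose else [])
    return re.compile(
        r"you'?ve received an? (?:greeting )?" + _alt(cards, loose)
        + r" from an? " + _alt(SENDERS, loose) + ("!?" if loose else "!"),
        re.IGNORECASE,
    )

STRICT, LOOSE = build_pattern(False), build_pattern(True)

def classify(subject):
    """Return "template", "variant" or "clean" for one Subject header value."""
    # Normalise curly apostrophes and runs of whitespace before matching.
    s = " ".join(subject.replace("\u2019", "'").split())
    if STRICT.fullmatch(s):
        return "template"
    return "variant" if LOOSE.fullmatch(s) else "clean"

if __name__ == "__main__":
    # Constructed subjects, except the second, which is the one quoted in the post.
    for subj in ["You've received an ecard from a friend!",
                 "You\u2019ve received a greeting card from a class mate!",
                 "You've received an invoice from accounting"]:
        print(classify(subj), "|", subj)
```
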

The web page contains JavaScript that appears to have multiple ways to exploit a browser. If JavaScript is not enabled, it provides an alternative link to download the malicious files. Here is what a user would see:

“We are currently testing a new browser feature. If you are not able to view this ecard, please click here (/ecard.exe) to view in its original format.”

The downloaded program is a Trojan downloader, which in turn downloads other malicious files from other remote systems. Trojandownloader.Tibs.mq and Trojandownloader.Small.evy have been added to the database.

Ranjeet Menon
