E-greeting continues

Mails send from egreetings.Com with malicious links is still floating around. The subject of these mails
is formed using below keywords

You’ve received [a|n] [greeting|] [postcard|ecard] from a [admirer|class-mate|colleague|family member|friend|mate|neighbor|neighbour|partner|school friend|school mate|school-mate|worshipper]!

Here is one of such subject line used ” You’ve received a greeting card from a class mate!”

The website page has javascript that appears to have multiple ways to exploit a browser. If javascript is not enabled then it provides an alerantive link to download the mailcious files. Here is what a user would see:

“We are currently testing a new browser feature. If you are not able to

view this ecard, please click here (/ecard.exe) to view in its original format.”

Downloaded program is a Trojan downloader which in turn download other mailicous files from other remote system. Trojandownloader.Tibs.mq and Trojandownloader.Small.evy added in database.

Ranjeet Menon

Ranjeet Menon

Follow @

No Comments, Be The First!

Your email address will not be published.