Watch Out, Watch Out, There's an E-card About!
As some of you may have noticed, we are seeing a massive campaign by the 'Bad Guys and Girls', who are using social engineering techniques via fake e-card notification e-mails. Here is a screenshot of just part of one of the e-mail folders I have full of these e-mails:

Here's a screenshot of what just one of these looks like now:

Oh, it is nice to be worshipped ;-). I've had ones that claim to come from a:
- Class-Mate
- Colleague
- Family Member
- Friend
- Mate
- Neighbor
- Neighbour
- Partner
- School-Mate
- School Friend
- Worshipper
They claim to come from many 'real' e-card sites, such as:
- 123Greetings.com
- 2000Greetings.com
- All-Yours.net
- AmericamGreetings.com
- Bluemountain.com
- DGreetings.com
- E-Cards.com
- Freewebcards.com
- Funnypostcard.com
- Greet2k.com
- Greeting-cards.com
- Hallmark.com
- ILoveCards.com
- Mypostcards.com
- NetFunCards.com
- Postcards.com
- Postcards.org
- Riversongs.com
- VintagePostcards.com
Of course, when you click on the link you go to another site, not the one you expect to go to. Here's a screenshot of one of the web pages you could end up on if you click on the link in one of these 'fake e-card' e-mails.

Yeah right, 'testing a new browser feature', sure they are! What they are doing is running exploit code, and if that fails they can always use social engineering to get the visitor to the site to infect their own computer by clicking on the link and running the file.
Before that the fake e-card e-mails looked like this:

And in one wave they turned rather messy, sort of an 'everything-but-the-kitchen-sink' variant ;-):

What a mess, eh?
In a rather 'twilight zone' moment, last month I wrote an article on the use of HTML based e-mail and the use of e-cards [fake ones] by the 'Bad Guys and Girls' for the Virus Bulletin magazine; this was before the latest attacks started....most spooky.
The article has just been published in the July issue, so no, the 'Bad Guys and Girls' didn't use the data and other information contained in the article I wrote for VB. I will make a copy of the article available early next month here. Many thanks to VB for allowing me to do this.
The main problem with the recent waves of fake e-card e-mails we have been seeing is that the link to the 'fake e-card' often takes you to a website that contains the following payloads, which can automatically infect your computer just by visiting it with a system that isn't fully patched:
- Various Browser Exploits.
- Various Windows Exploits.
- A download [fake e-card] which is actually malware.
As I've often mentioned here, the 'Bad Guys and Girls' seem to be using social engineering as their primary tool to try and get you to infect your own computer, so be very careful and make sure your system is fully patched and protected if you must let curiosity get the better of you.....don't make their job easier.



