Tuesday, December 23, 2008

Dangerous eCards in the Wild ... A Merry Christmas to you all!

Are you really surprised? A couple of days ago I started to receive reports of emails pretending to carry links to holiday cards. These emails contain a link that points to a file named ecard.exe. Of course, this executable is not a seasonal holiday card but malware. The reason this wave of malware has attracted my attention is that it is very similar to the Storm Worm attacks we were seeing last year. Although this attack uses fast-flux to make it harder to trace its web servers and a redirection page very similar to those used by Storm last year, this is not the resurrection of the Storm botnet. What we are observing today is proof that malware authors are learning from each other’s errors and successes. After seeing that Storm was able to infect thousands of systems last year with Christmas-related social engineering, the criminals behind other malware families are now trying to emulate that success. Most AV vendors are detecting this by now, but you know that this is definitely not the last malicious eCard that we or you will see.
Please just use ordinary plain-text mails; it's so much nicer (read 'more intelligent') and, in my opinion, more effective. But am I not saying this every year?

Well, at least here is what I really want to say from my own safe spot in Belgium:
A Merry Christmas to you all!
And that's more or less in plain HTML. ;-)