Fake Holiday eCards: Are You Surprised?
Yesterday, we started to receive reports of emails pretending to carry links to holiday cards. These emails contain a link that points to a file named ecard.exe. Of course, this executable is not a seasonal holiday card but malware. The reason this wave of malware has attracted our attention is that it is very similar to the Storm Worm attacks we were seeing last year.
Although this attack uses fast-flux to make its web servers harder to trace, and a redirection page very similar to those used by Storm last year, this is not the resurrection of the Storm botnet. Analysis of the binary proves it to be different from Storm. It was written in a different programming language and includes different functionality. This malware, detected as a variant of Win32/Waledac by ESET Antivirus, has no peer-to-peer capabilities and uses an open-source packer instead of the custom packers used by Storm. Also, the Waledac threat has cryptographic capabilities that were not present in Storm.
What we are observing today is proof that malware authors are learning from each other’s errors and successes. After seeing that Storm was able to infect thousands of systems last year with Christmas-related social engineering, the criminals behind other malware families are now trying to emulate that success.
Pierre-Marc Bureau
Researcher
3 Responses to “Fake Holiday eCards: Are You Surprised?”

December 24th, 2008 at 6:04 am
I managed to get the .exe into the recycle bin and then empty it. Has this cleared it?
December 30th, 2008 at 4:49 am
As long as you didn’t execute it. Though if it was detected by AV it shouldn’t have been executed anyway. (Pierre-Marc already responded directly to this comment: I’m just crossing the t’s in case anyone else was waiting to see a response.)
July 13th, 2010 at 9:12 am
Holiday credit rating cards might be a great deal a lot much more than pre-printed credit cards stuffed in envelopes with mailing labels applied. With some imagination and also the right greeting card supplier, a greeting card can be a really unique, higher higher quality present that projects company professionalism as nicely as heartfelt wishes for that holiday season.