More E-Cards on the way ...

Status
Not open for further replies.

muckshifter

Over the last few weeks, we've seen tons of ecard.exe spam, where fake greeting card mails have been spammed out.

The messages have not contained an attachment, but just links to web sites that offer a download of one ecard.exe to your machine.

Since last night, the messages have changed. You still get the normal greeting card spam, but when you follow the link, the web site now talks about the need for you to install "Microsoft Data Access" to your computer. Conveniently, they have it available for download, for free.

It's a bad idea to follow such unsolicited links from e-mail.

Don't even try the URL just for fun.

For example, if you access the page with an outdated version of Firefox or IE, the page will render with a nasty exploit code that will try to infect your computer immediately. Opera doesn't seem to be targeted at the moment.
This operation is apparently the work of the same gang that did the original "Storm Worm" run in January 2007.


Source: www.f-secure.com
 
I'm getting tens of these an hour - it's nice to know what they actually do as I don't want to visit ;)
 
In case anybody hasn't already noticed, there is a selection of updates for Windows and Internet Explorer that need to be installed. Annoyingly a restart is required but it's a small price to pay I suppose.

According to the Internet Explorer blog, the fixes are for some problems that allowed other people to run programs on your computer, and to fix some vulnerable ActiveX technology.

Still, I wouldn't go "testing" the fixes on any e-card link.

;)
 
No end to flood of fake friendly greetings.

A further wave of e-cards carrying links to 'Storm' malware (variously labelled Nuwar, Peacomm, Dorf, Zhelatin) has been hitting inboxes around the world all this week, with no signs of any letup in the deluge.

The latest barrage carries a simple message, using spoofed source addresses and claiming to originate from a friend, colleague or family member.

The plain text mails carry a link to a 'greeting' left at a site whose name is selected from a long list of likely titles for such greetings systems, usually also including copyright information matching the selected site title.

Following the link leads to one of the same botnet of compromised systems which have been spamming out the mails, hosting a site using exploits to attempt a drive-by download or, if visited by systems lacking the required vulnerabilities, simply presenting a link to download the executable.

The trojans are regularly repacked at the server side to minimise detection by anti-malware products, with tens of thousands of unique variants being spotted by analysis labs.

Malware watchers have speculated that as many as 250,000 zombie systems may be hosting the attack sites, making blocking the source domains a similarly enormous task, while spam counters at Sophos have reported seeing 9 million greetings card spams in a 48-hour period.

On the McAfee Avert Labs blog this week, Dmitri Gryaznov details his home-brewed system for keeping up with the constant changes in source and content, here, while Alyssa Myers speculates about the impact of the series of spam campaigns on the genuine greetings card industry, here. Some more details of the latest techniques are at F-Secure, here.

The potential of the 'Storm' botnet for launching major DDoS attacks has also resurfaced. A group of security admins in the world of academia, thought to be at particular risk at this time of year as large numbers of new students take up new accounts on university networks, has been warned of a risk of attacks from the Storm cloud, after probing infected machines for related vulnerabilities was seen to bring on attacks on the scanning system. The warning, issued by the REN-ISAC collaborative research group, is here.

Be on your guard folks ... we are seeing people posting here who have been infected with the same "problems" on their PCs. I may be adding 2+2 and getting 5 ... but it looks ominous to me.

 
here we go again ...

Piccadilly Circus ... ALL CHANGE!!


We're being hammered again by a new phishing flood. I hope that you understand by now that you are exposing yourself to great risk if you click on the link in such an email, unless, of course, you really did subscribe to such a web site and were expecting the email.

Samples of the text from the emails are below...

Welcome,

Here is your membership info for Web Cooking.

Member Number: 9734283862
Temorary Login: user7804
Password ID: tt618

Your temporary Login Info will expire in 24 hours. Please login and change it.

Use this link to change your Login info: <<dangerous numeric url>>

Enjoy,
Technical Services
Web Cooking

------------------

Welcome Member,

Welcome To Web Cooking.

Confirmation Number: 68173818575773
Login ID: user7873
Password ID: wx183

Be Secure. Change your Login ID and Password.

Use this link to change your Login info: <<dangerous numeric url>>

Thank You,
Technical Services
Web Cooking

-----------------

Welcome,

Thank You for Joining Funny-Files.

Account Number: 2769799922346
Temp Login ID: user9519
Temorary Password: nb500

For security purposes please login and change the temporary Login ID and Password.

Follow this link, or paste it in your browser: <<dangerous numeric url>>

Welcome,
Technical Services
Funny-Files

-----------------

Welcome Member,

Are you ready to have fun at Entertaining Pros.

Confirmation Number: 533714917121
Login ID: user3889
Your Password ID: cq478

For security purposes please login and change the temporary Login ID and Password.

Follow this link, or paste it in your browser: <<dangerous numeric url>>

Thank You,
Membership Services
Entertaining Pros

-----------------

Welcome Member,

We are so happy you joined Entertaining Pros.

User Number: 727617979
Your Temp. Login ID: user1460
Your Password ID: gl537

Please Change your login and change your Login Information.

Click here to enter our secure server: <<dangerous numeric url>>

Enjoy,
Internet Support
Entertaining Pros

-----------------

Dear Member,

Are you ready to have fun at Online Hook-Up.

Member Number: 568653417911
Your Login ID: user7413
Temp Password ID: gd809

Please keep your account secure by logging in and changing your login info.

Click here to enter our secure server: <<dangerous numeric url>>

Thank You,
Technical Services
Online Hook-Up

-----------------

New Member,

Welcome To Poker World.

Membership Number: 83862476
Temp Login ID: user2694
Your Temp. Password ID: nz279

This Login Info will expire in 24 hours. Please Change it.

Follow this Link: <<dangerous numeric url>>

Welcome,
Membership Services
Poker World

------------------

Welcome,

Are you ready to have fun at Online Hook-Up.

User Number: 664438366569
Login ID: user2149
Temp Password ID: fn269

Please keep your account secure by logging in and changing your login info.

Follow this Link: <<dangerous numeric url>>

Thank You,
New Member Technical Support
Online Hook-Up

-------------------

Greetings,

Thank You for Joining Ringtone Heaven.

Membership Number: 349816673
Temp Login ID: user4586
Your Password ID: rx179

Your temporary Login Info will expire in 24 hours. Please login and change it.

This link will allow you to securely change your login info: <<dangerous numeric url>>

Enjoy,
Technical Services
Ringtone Heaven

------------------

New Member,

We are glad you joined WebTunes.

Confirmation Number: 314538217
Temorary Login: user7049
Password ID: dj532

Please keep your account secure by logging in and changing your login info.

Use this link to change your Login info: <<dangerous numeric url>>

Enjoy,
Membership Support Department
WebTunes

-----------------

New Member,

We are so happy you joined CoolPics.

Member Number: 34616715
Temp Login ID: user2400
Temorary Password: ga772

Be Secure. Change your Login ID and Password.

Follow this Link: <<dangerous numeric url>>

Enjoy,
New Member Technical Support
CoolPics

------------------

New Member,

Welcome To Job Search Pros.

Membership Number: 6226972746532
Temp Login ID: user5308
Your Password ID: na856

Please keep your account secure by logging in and changing your login info.

Follow this link, or paste it in your browser: <<dangerous numeric url>>

Thank You,
Internet Support
Job Search Pros


:rolleyes:
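
A mail-filter check for the template shared by the samples above, as an added example that is not part of the original post: it scores a plain-text body on the membership-number line, the `userNNNN` login, the two-letter/three-digit password and a link whose host is a bare number. The function names, the threshold and the sample messages are assumptions made for illustration, and the redacted link is assumed to have pointed at a raw IP address.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Line patterns taken from the field layouts visible in the posted samples.
ID_LINE = re.compile(r"^(?:Member|Membership|Confirmation|Account|User) Number:\s*\d{6,}\s*$", re.M | re.I)
LOGIN_LINE = re.compile(r"^[\w. ]*Login(?: ID)?:\s*user\d{4}\s*$", re.M | re.I)
PASSWORD_LINE = re.compile(r"^[\w. ]*Password(?: ID)?:\s*[a-z]{2}\d{3}\s*$", re.M | re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def has_numeric_host(url):
    """True if the URL's host is an IP literal or a bare integer, not a name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return host.isdigit()  # single-integer form of an IPv4 address

def score_message(body):
    """Return (score, reasons) for one plain-text message body."""
    reasons = []
    if ID_LINE.search(body):
        reasons.append("membership-number line")
    if LOGIN_LINE.search(body):
        reasons.append("userNNNN temporary login")
    if PASSWORD_LINE.search(body):
        reasons.append("two-letter/three-digit password")
    if any(has_numeric_host(u) for u in URL.findall(body)):
        reasons.append("link to a numeric host")
    return len(reasons), reasons

def is_suspect(body, threshold=3):
    # Hypothetical threshold: three of the four template markers.
    return score_message(body)[0] >= threshold

# Constructed samples; 192.0.2.45 is a documentation-only address.
SAMPLE_SPAM = """Welcome,

Here is your membership info for Example Site.

Member Number: 1234567890
Temorary Login: user0000
Password ID: ab123

Use this link to change your Login info: http://192.0.2.45/
"""
SAMPLE_BENIGN = """Hello Sam,

Thanks for registering at Example Forum.
Username: sam_r
Confirm your address: https://forum.example.org/confirm?t=abc
"""
```

Because three text markers are enough to reach the threshold, the check still fires when the link itself has been stripped or rewritten by an upstream gateway.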
 
:mad: Got one of these today, although mine said "you have a private message from lesley" (step-daughter)

So I rang her first - I know we don't all have the time to go ringing everyone in our address books that sends emails, but just this once I did, to which she replied "what private message"
It got deleted anyway as MailWasher stopped that, but these things are damn annoying & I'm sick of getting emails that people just pass round to each other without thinking - ruddy chain emails :wall:

Have now sent a message of my own to everyone I know which says:

PLEASE BE AWARE OF FORWARDING ON MESSAGES TO EVERYONE IN YOUR ADDRESS BOOK THAT HAVE COME FROM MULTIPLE SOURCES.

THERE ARE CURRENTLY LITERALLY THOUSANDS OF FAKE EMAILS INVADING YOUR IN BOX THAT CONTAIN VIRUSES & WORMS.
I HAVE BEEN A VICTIM OF THIS RECENTLY & IT IS VERY UPSETTING SO PLEASE BE ON YOUR GUARD.
THIS IS NOT A JOKE. THIS IS AN EMAIL FROM SOMEONE YOU GENUINELY KNOW WHO DOES NOT WANT YOU TO SUFFER THE SAME FATE AS I DID.
KEEP SAFE. BE AWARE. REMEMBER TO UPDATE
 
Are you ready to have fun at Online Hook-Up.

Thank You for Joining Ringtone Heaven.

We are so happy you joined Entertaining Pros.

Is there something you aren't telling us :p
 