Hallmark E-Card Spam: It's Baaack!
There haven't been many dull moments in Threat Operations Center over the past few weeks. Between multiple CNN spam updates which then morphed into MSNBC spam followed by fake FedEx non-delivery notifications last week, Britney Spears tabloid spam, and up to 30% increases in total spam volume, everyone has certainly been drinking from the fire hose.
We had a new guy named Tyler start recently as well who hasn't yet run for the hills screaming in the midst of all of the chaos. Sounds like a keeper to me!
Beginning yesterday we started tracking the return of Hallmark E-Card spam. If you recall, sending out fake e-cards that lead to malware sites was a popular tactic of the Storm Worm. These new messages appear as if they are being distributed via the Srizbi botnet, but are largely the same as their Storm counterparts.
Below is a screen shot of a sample message that landed in one of our spamtraps:
As with most spammers nowadays, you can tell that they went to some great lengths to ensure that the email looks as legitimate as possible.
In many previous e-card variants all of the links within the email would point directly to the malware hosting site. This trend has recently been shifting and this new Hallmark E-Card tactic improves upon that by only pointing the "here" link above to the malicious web site. All of the other links like Customer Service, Store Locator, etc actually point to the same locations that the real hallmark.com site point to. So, if a suspicious recipient of one of these messages clicks on any link in the email other than the malware download link they may be tricked into believing the message is legitimate since it will direct them to the Hallmark site. Seeing this, they may be more apt to click on the download link and become infected.
Emails associated with this new "e-card" appear to be from "E-Cards@Hallmark.com" and will have subject lines like "You've Recieved a Hallmark E-Card!". The other tell tale sign of these fakes can be found if you mouse over (but don't click!!) the "here" link as it links to an executable file like postcard.gif.exe as opposed to an actual web page.
Be on the lookout for these new fake Hallmark E-Cards, especially as we move closer to the Holiday Season (it's still a ways off, but I am sure some stores will have Christmas items on the shelves soon!) as these are likely to become a popular tactic again for Halloween, Thanksgiving, and Christmas.
Categories: Social Engineering Spam
Posted by smasiello at 4:10 PM | Link | 4 comments
Comments
Re: Hallmark E-Card Spam: It's Baaack!
thank goodness for AOL security that would not allow me to open a Hallmark card recently as I tried to download it. Before it completed the download, AOL notified me that it was from a suspicious sender. Another friend just said that they just received some of these Hallmark spam emails, too, so I believe they are a real problem
Posted by Lois on September 28, 2008 at 12:42 PM
Re: Hallmark E-Card Spam: It's Baaack!
I received the card tonight, but was suspicious and deleted it without opening the link. Just didn't feel right in the way it was presented. Usually, it tells me who sent the card before I open it. This did not.
Posted by Lori on October 10, 2008 at 10:52 PM
Re: Hallmark E-Card Spam: It's Baaack!
I received this email this morning. I opened it and my PC Tools Spyware Doctor caught it and block it before anything happen.
Posted by Drew on November 10, 2008 at 5:51 AM
Re: Hallmark E-Card Spam: It's Baaack!
i clicked on the link and my antivirus window popped up stating that it was a virus and that no action was taken so i immediately ran my antispyware but i still don't know if the trojan is gone - any pointers on how to detect if the virus is in my machine - my antivirus scans did not reveal anything either.
Posted by mylanta on November 13, 2008 at 9:09 PM
