Phony E-Card Spam

Storm Worm, Hidden In Phony E-Card Spam, Strikes Again — ALERT: Beware of “Greeting Card” spam.

Last week we reported on an email barrage that has been sending malicious “greeting card” spam messages at a rate of approximately two per hour. Global security offices now concur with this information.

[Image: greeting card spam - trojan - virus - ALERT]

Do not open any email which claims to be a greeting card. The screen above shows the malicious attacks we have trapped since midnight Tuesday. We believe the attack originated from a single source; however, through compromised MS-DOS and Windows computers, it has become fragmented around the globe. The criminals launching the attack placed the “ecard.exe” trojan on open proxy servers. Global security offices concur with this information. Here’s how the list stacks up:

http://196.206.94.188/?35456ec290b516c3c2cd

IAM, Direction Internet
Rabat, Morocco

http://www.menara.ma

http://80.54.182.160/?c61301cba46921636c804814655dc21c8371

resolves to: http://80.54.182.160/ecard.exe
GAJA, TPNET
Krapkowice POLAND

http://www.gaja.net.pl

http://85.110.31.114/?383e1a7a85955ab65e8517

TurkTelekom
Aydinlikevler, Turkey

http://www.ttnet.net.tr

http://71.238.115.136/?ca9a885b5e6291c3de8293ec6968e3

resolves to: http://71.238.115.136/ecard.exe
Comcast Cable Communications Inc.
Mt Laurel, NJ, USA

http://www.comcast.net

http://80.70.24.75/?16c3c2cd8a7c0b58e47d14c77

Latvenergo Telecommunications
Riga, Latvia

http://www.energo.lv

http://71.239.45.37/?9ebeed435601e5ee713076a3db573383e1

resolves to: http://71.239.45.37/ecard.exe
Comcast Cable Communications Inc.
Mt Laurel, NJ

http://www.comcast.net

http://74.135.70.213/?85da463c5c036b0339eb3a6075338ee7c634

Insight Communications Company, L.P.
Louisville, KY

http://www.insightcom.com

http://66.90.165.214/?655dc21c83715e8517a32e6b9

Grande Communications Networks Inc.
San Marcos, TX, US

http://www.grandecom.com

http://74.132.79.6/?933165b19d3383b4c009ee6

74.132.79.6
INSIGHT-COMMUNCATIONS-CORP, New York, NY, US

http://www.INSIGHTNS.COM

http://www.insightcom.com

74.104.194.208

http://74.104.194.208/?83e5868911e6c36a4bc9

Rogers Cable Communications Inc., Toronto, ON, CA

http://rogers.wave.ca

75.83.144.87

http://75.83.144.87/?a47ec5b6e92ded5e559ae0855a16e2a14

Road Runner Hold Co LLC, Herndon, VA, US

http://www.rr.com
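
The links listed above share one shape: a raw IP address as the host, no path, and a query string that is nothing but a hex token, with several resolving to `/ecard.exe`. The following is an added example (not part of the original alert) of a mail-body check for that shape; the sample message, its addresses (taken from documentation ranges) and the 16-character minimum token length are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Assumption: tokens are plain hex, at least 16 characters long.
HEX_TOKEN_RE = re.compile(r"[0-9a-f]{16,}", re.IGNORECASE)

def is_ip_literal(host):
    """True if the host part is an IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify_url(url):
    """Return the reasons a URL matches the e-card lure shape (empty if none)."""
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed URL, e.g. unbalanced '[' in host
        return []
    reasons = []
    host = parts.hostname or ""
    if (is_ip_literal(host) and parts.path in ("", "/")
            and HEX_TOKEN_RE.fullmatch(parts.query)):
        reasons.append("ip-literal host with bare hex query")
    if parts.path.lower().rsplit("/", 1)[-1] == "ecard.exe":
        reasons.append("path ends in ecard.exe")
    return reasons

def scan_message(body):
    """Map each suspicious URL found in a message body to its reasons."""
    hits = {}
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;)")    # drop trailing sentence punctuation
        reasons = classify_url(url)
        if reasons:
            hits[url] = reasons
    return hits

# Constructed sample message; addresses are from documentation ranges.
SAMPLE = """\
You have received a greeting card from a friend!
To pick it up, click here: http://192.0.2.44/?a1b2c3d4e5f60718293a4b
Or download directly: http://198.51.100.7/ecard.exe
Our newsletter: https://www.example.com/?page=2
Status page: http://203.0.113.5/status?id=deadbeefdeadbeef00
"""

if __name__ == "__main__":
    for url, reasons in scan_message(SAMPLE).items():
        print(url, "->", "; ".join(reasons))
```

Matching on the link shape rather than on individual addresses keeps the check useful as the hosting machines change.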

Storm Worm, Hidden In Phony E-Card Spam, Strikes Again

Security researchers are warning users about a spike in the number of spam e-mails that are being sent out in massive waves to infect machines with a variant of the virulent Storm worm. Its authors keep changing the methods they use to send it, this time fooling people with fake e-card promises. Report by Sharon Gaudin, InformationWeek.

Independence Day spam arrives with a storm of “Greeting Card” spam.

Spammers have launched an enticing ‘Fourth of July’ greeting card spam campaign, just days before the Independence Day holiday, luring recipients to click on a malicious link by inviting them to retrieve the greeting card through the provided link. By doing so, they expose themselves to vulnerability exploits and an executable file named ecard.exe. More at: www.itnews.com.au