UGN InfoManager

Storm Worm, Hidden In Phony E-Card Spam, Strikes Again

ALERT: Beware of "Greeting Card" spam.

Last week we reported on an email barrage that has been sending malicious "greeting card" spams at a rate of approximately two per hour. Global security offices now concur with this information.

Do not open any email which claims to be a greeting card. The screen above is the malicious attacks we trapped since midnight Tuesday. We believe the attack originated from a single source, however through compromised MS Dos and Windows computers has become fragmented around the globe. The criminals launching the attack placed the "ecard.exe" trojan on open proxy servers. Global security offices concur with this information. Here's how the list stacks up:

http://196.206.94.188/?35456ec290b516c3c2cd
IAM, Direction Internet
Rabat, Morocco
http://www.menara.ma

http://80.54.182.160/?c61301cba46921636c804814655dc21c8371
resolves to: http://80.54.182.160/ecard.exe
GAJA, TPNET
Krapkowice POLAND
http://www.gaja.net.pl

http://85.110.31.114/?383e1a7a85955ab65e8517
TurkTelekom
Aydinlikevler, Turkey
http://www.ttnet.net.tr

http://71.238.115.136/?ca9a885b5e6291c3de8293ec6968e3
resolves to: http://71.238.115.136/ecard.exe
Comcast Cable Communications Inc.
Mt Laurel, NJ, USA
http://www.comcast.net

http://80.70.24.75/?16c3c2cd8a7c0b58e47d14c77
Latvenergo Telecommunications
Riga, Latvia,
http://www.energo.lv

http://71.239.45.37/?9ebeed435601e5ee713076a3db573383e1
resolves to: http://71.239.45.37/ecard.exe
Comcast Cable Communications Inc.
Mt Laurel, NJ
http://www.comcast.net

http://74.135.70.213/?85da463c5c036b0339eb3a6075338ee7c634
Insight Communications Company, L.P.
Louisville, KY
http://www.insightcom.com

http://66.90.165.214/?655dc21c83715e8517a32e6b9
Grande Communications Networks Inc.
San Marcos, TX, US
http://www.grandecom.com

http://74.132.79.6/?933165b19d3383b4c009ee6
74.132.79.6
INSIGHT-COMMUNCATIONS-CORP, New York, NY, US
http://www.INSIGHTNS.COM
http://www.insightcom.com

74.104.194.208
http://74.104.194.208/?83e5868911e6c36a4bc9
Rogers Cable Communications Inc., Toronto, ON, CA
http://rogers.wave.ca

75.83.144.87
http://75.83.144.87/?a47ec5b6e92ded5e559ae0855a16e2a14
Road Runner Hold Co LLC, Herndon, VA, US
http://www.rr.com

Storm Worm, Hidden In Phony E-Card Spam, Strikes Again

Security researchers are warning users about a spike in the number of spam e-mails that are being sent out in massive waves to infect machines with a variant of the virulent Storm worm. Its authors keep changing the methods they use to send it, this time fooling people with fake e-card promises. Report by Sharon Gaudin InformationWeek

Independance Day spam arrives with a storm of "Greeting Card" spam.

Spammers have launched an enticing 'Fourth of July’ greeting card spam campaign-just days before the Independence Day holiday-luring recipients to click on a malicious link -- inviting recipients to retrieve the greeting card by clicking on the provided link. By doing so, they expose themselves to vulnerability exploits and an executable file named ecard.exe. More at: www.itnews.com.au

------------------------------

Found something really cool?

------------------------------