Information Security
 

Something (Nasty) From a "Friend"

 
The Russian Business Network uses topical greeting card messages to distribute its malware package called "Stormworm."
-----Original Message-----
From: Hallmark Cards [mailto:postbode@hallmark[dot]be]
Sent: Wednesday, February 06, 2008 4:28 AM
Subject: You have a card send from a friend!

 


 

 

The Hallmark logo is being pulled from ecards.msn.co.uk.

Hello ,

A friend has sent you a Hallmark Ecard

It would be nice to know which friend. But then, you could check with them to see if they really sent you the card.

Click here to view your Ecard .

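Here's where the stinger lies. The link above points to an executable that will install the Stormworm code. The full link is http://maui[dot]dnsdc3[dot]com/~admin/postcard.gif.exe. The double extension .gif.exe dresses the file up as an image, but Windows will run it as a program.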


If you would like to return an Ecard to him simply go to http://ecards[dot]msn[dot]co[dot]uk/

The link above to ecards is legitimate, but you won't see any record of this card.

MSN
in association with
Hallmark Cards

Your privacy is our priority. Click the "Privacy and Security" link at the bottom of any page on http://ecards[dot]msn[dot]co[dot]uk/ to see our privacy policy.

There is an item missing below. It is another link to the malicious executable above, but the site is down or broken.
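
The link indicators annotated above (a "Click here" link that downloads a program, a double extension, a host unrelated to the claimed sender) can be checked mechanically. The following is an added example, not part of the original page: the sample message, its example.* hosts and sender domain are constructed placeholders, and the extension lists and flag names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import posixpath

EXECUTABLE = {".exe", ".scr", ".pif", ".bat", ".cmd"}   # assumed list, not exhaustive
DECOY = {".gif", ".jpg", ".jpeg", ".png", ".pdf", ".doc", ".txt"}  # assumed list

# Constructed sample modelled on the message above; all hosts are placeholders.
SAMPLE_FROM = "hallmark.example"
SAMPLE_HTML = """
<p>A friend has sent you a Hallmark Ecard</p>
<p><a href="http://cards.example.net/~admin/postcard.gif.exe">Click here</a> to view it.</p>
<p>To return an Ecard go to <a href="http://ecards.example.org/">http://ecards.example.org/</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def flag_links(html_body, sender_domain):
    """Return one finding per link: what the reader saw, the target, and flags."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        stem, ext = posixpath.splitext(posixpath.basename(parts.path).lower())
        flags = []
        if ext in EXECUTABLE:                      # link downloads a program
            flags.append("executable-download")
            if posixpath.splitext(stem)[1] in DECOY:   # e.g. postcard.gif.exe
                flags.append("double-extension")
        if host != sender_domain and not host.endswith("." + sender_domain):
            flags.append("host-not-sender-domain")  # weak signal on its own
        findings.append({"text": text, "href": href, "flags": flags})
    return findings
```

The legitimate ecard link also trips the host check, which is why that flag is only worth acting on when it appears together with the executable flags.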
