Cybercriminals are currently spamvertising a “You just received a e-card form somebody” themed malware campaign, impersonating Hallmark.
More details:
Subject: You just received a e-card form somebody
Message:
Hello,
You have just received a Hallmark E-Card!
There’s something special about that E-Card feeling.
If you want to see your e-greeting-card, click the link below:
http://www.hallmark.com/e-greetings
Hope to see you soon,
Your friends at Hallmark
Your privacy is our priority. Click the “Privacy and Security” link at the bottom of this E-mail to view our policy.
Malware link: hxxp://e-card.serveusers.com/e-greetings.exe
Upon clicking on the link, the end user is required to manually download and execute the malicious attachment.
Detection rate: 17 out of 43 signature-based antivirus scanners detect this as malware
MD5: 1cd3a366d926ecc90a5ef9a8de9f3be2
SHA256: 4028fffd6e4b7296564ee86c799b221ada0f97824469c0133102654b11a6b024
Detected as: Backdoor.IrcBot.ADIT; Backdoor.IRC.Zapchast.zwrc; IRC/Cloner.CA
Upon execution the sample phones back to the following IRC servers, where the infected host awaits further commands from the botnet masters:
- 194.109.20.90: 6667
- 208.83.20.130: 6667
- 211.75.246.205: 6667
Webroot SecureAnywhere customers are protected from this threat.
You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.