    TrendLabs Security Intelligence Blog

    Author Archive - Argie Gallego (Anti-spam Research Engineer)




    A significant amount of e-card spam has flooded inboxes recently, taking advantage of the upcoming holiday season. The spam mails contain holiday greetings and a short message informing users that they have received an e-card from someone. Each email also includes an embedded link where the recipient can view or claim their e-card.

    Other subject lines for this type of spam include the following:

    • A Christmas card from a friend
    • A special card just for you
    • Christmas card for you
    • Christmas Ecard Notification
    • Christmas Ecard Special Delivery
    • Christmas greetings e-card is waiting for you
    • Christmas greetings for you
    • Christmas greetings from your friend
    • Christmas Wishes!
    • Greeting for you!
    • Happy Christmas!
    • Have a warm an lovely Christmas!
    • I made an Ecard for U!
    • I sent you the ecard
    • Joyful Christmas!
    • Merry Christmas 2009!
    • Merry Christmas card for you!
    • Merry Christmas e-card is waiting for you
    • Merry Christmas greetings for you
    • Merry Christmas ‘N Happy New Year!
    • Merry Christmas To You!
    • Merry Christmas wishes just for you
    • Merry Christmas!
    • Merry Xmas!
    • Warmest Wishes For Christmas!
    • Wish You A Merry Christmas!
    • Xmas card for you
    • Xmas card is waiting for you
    • You have a Christmas Greeting!
    • You have a greeting card
    • You Have An E-card Waiting For You!
    • You have received a Christmas E-card
    • You have received a Christmas greetings card
    • You have received an E-card
    • You Received an Ecard.
    • You’ve got a Christmas E-card
    • You’ve got a Christmas greetings card
    • You’ve got a Merry Christmas E-card
    • You’ve got a Merry Christmas greeting card
    • You’ve got a Xmas e-card
    • You’ve got an e-card

    Once users click the link embedded in the spam mails, they are redirected to a bogus e-card website. Examination of this site shows that it was created just this month.

    The page appears to contain several links and buttons, but the whole page actually consists of one large clickable image.

    Upon clicking the image, the user is prompted to download the file ecard.exe, detected as TROJ_GENETIK.TI.
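    The page layout described above (one large linked image in place of real links and buttons) can be checked mechanically on a fetched page. The following is an added example, not code from the original post or from Trend Micro; it assumes the image links directly to the executable, and the names `PageShape`, `assess_landing_page`, the extension list, the text threshold and the sample pages are all hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")  # assumed list, extend as needed
HIDDEN_TAGS = ("script", "style", "title")
class PageShape(HTMLParser):
    """Collects link, image and visible-text counts from a fetched page."""
    def __init__(self):
        super().__init__()
        self.open_links = []     # href (or None) of each <a> currently open
        self.links = 0           # number of <a href=...> elements
        self.image_targets = []  # for each <img>, the href wrapping it, or None
        self.text_chars = 0      # length of visible text
        self.hidden = 0          # depth inside non-rendered elements
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.open_links.append(attrs.get("href"))
            self.links += bool(attrs.get("href"))
        elif tag == "img":
            self.image_targets.append(self.open_links[-1] if self.open_links else None)
        elif tag in HIDDEN_TAGS:
            self.hidden += 1
    def handle_endtag(self, tag):
        if tag == "a" and self.open_links:
            self.open_links.pop()
        elif tag in HIDDEN_TAGS and self.hidden:
            self.hidden -= 1
    def handle_data(self, data):
        if not self.hidden:
            self.text_chars += len(data.strip())

def assess_landing_page(html, max_text=40):
    """Flag pages that are one linked image, and whether it leads to an executable."""
    shape = PageShape()
    shape.feed(html)
    shape.close()
    single = (len(shape.image_targets) == 1 and shape.image_targets[0] is not None
              and shape.links == 1 and shape.text_chars <= max_text)
    target = shape.image_targets[0] if single else None
    path = urlparse(target).path.lower() if target else ""
    return {"single_image_lure": single, "target": target,
            "executable_target": path.endswith(EXECUTABLE_EXTS)}

# Constructed sample pages (hypothetical host names, not taken from the campaign)
LURE_HTML = ('<html><head><title>E-card</title></head><body>'
             '<a href="http://cards.example/ecard.exe"><img src="page.jpg"></a></body></html>')
BENIGN_HTML = ('<body><h1>Greeting cards</h1><a href="/a"><img src="a.png"></a>'
               '<a href="/b"><img src="b.png"></a><p>Pick a design to send.</p></body>')
```

    A page that is a single linked image is not malicious by itself; the combination of that layout with an executable target is the signal worth escalating.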

    The Trend Micro Smart Protection addresses these combined threats immediately. The spam mails are detected through the Email Reputation Technology, URLs related to these spam mails are already blocked by Web Reputation Technology, and the downloaded malicious file ecard.exe is detected as TROJ_GENETIK.TI.

     



    It has only been two months since the Beijing Olympics, and athletes and sports fans have four more years before the next Olympics happens in London. Spammers are not waiting that long, though: even this early, the 2012 global event is already being used in online scams.

    Here’s a screenshot of a spammed email message that masquerades as a lottery notification:


    Figure 1. Sample of London Olympics spam

    The email message informs the recipient that s/he is the winner of the supposed weekly lottery. Now users may not have joined any Olympics-related promos, but the promised cash prize would be enough for some to believe that they’ve actually won.

    To make the message convincing, spammers include not only an Olympic logo but also a link to http://www.olympic.org, the official website of the International Olympic Committee. The message also contains fake reference and batch numbers, and security codes.

    To claim the cash prize, users are instructed to forward their winning details to a “claim agent” whose contact information (phone and fax numbers, and email addresses) is also shown in the message. This is how the scam obtains accurate personal data.

    Users are advised to not trust these unsolicited and unexpected email messages, no matter how much money they promise. Users must also be cautious in trusting claim agents. It is only logical that lottery winners have to have joined the raffle first.

    The Trend Micro Smart Protection Network already blocks the spammed email messages involved in this scamming operation.

    Other Olympics scams:

    • Scammers Try Their Luck (Again) on The Olympics
    • You Just Won the Beijing 2008 Olympics Lotto!