Spammers are clearly putting the holidays to good use, as they have made Christmas just another reason to spread malware.
Trend Micro threat analysts recently received a spammed message purporting to come from 123greetings.com, a legitimate site that users can access to send e-cards to family and friends. The email message even sported the site’s logo (see Figure 1).
However, upon further investigation of the spammed message’s header, we noticed that the sender’s IP address (see Figure 3) did not match that of the legitimate 123greetings.com site (see Figure 2).
To view the greeting card, the spammed message urges the user to download and open the .ZIP file attachment (see Figure 4), which is actually an .EXE file detected by Trend Micro as WORM_PROLACO.Z (see Figure 5).
In addition, according to 123greetings.com, the e-cards sent from the site are stored on 123greetings.com servers and so should not be attached to emails. In other words, to view e-cards sent from the site, users do not need to download anything.
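The two attachment observations above can be turned into a mail-filter check. The following is an added example, not Trend Micro's or 123greetings.com's code: it flags any attachment on mail claiming to come from 123greetings.com and any executable inside a .ZIP attachment. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

BRAND_DOMAIN = "123greetings.com"  # brand named in the post
# Assumption: extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")

def inspect_ecard(raw: bytes) -> list[str]:
    """Return findings for a raw RFC 5322 message (hypothetical helper)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    claims_brand = sender.endswith(("@" + BRAND_DOMAIN, "." + BRAND_DOMAIN))
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if claims_brand:
            # Per the site, e-cards stay on its servers and are never attached.
            findings.append(f"brand-mail-with-attachment:{name}")
        if name.endswith(EXECUTABLE_EXTS):
            findings.append(f"executable-attachment:{name}")
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(EXECUTABLE_EXTS):
                        findings.append(f"executable-in-zip:{name}!{member.lower()}")
    return findings

def build_sample(with_zip: bool) -> bytes:
    """Constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"] = "123greetings <ecards@123greetings.com>"
    m["To"] = "user@example.org"
    m["Subject"] = "You have received a Christmas e-card"
    m.set_content("Open the attached card.")
    if with_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("Christmas Card.exe", b"placeholder bytes, not a binary")
        m.add_attachment(buf.getvalue(), maintype="application",
                         subtype="zip", filename="card.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(inspect_ecard(build_sample(with_zip=True)))
```

The From header alone is trivially forged, so this check complements the sender IP comparison described earlier rather than replacing it.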
To keep your system malware-free this festive season, do not open unsolicited email messages. Be smart: use an effective security suite.
Smart Protection Network protects Trend Micro product users by blocking the spammed messages and related malicious files (WORM_PROLACO.Z).