A significant amount of e-card spam has flooded inboxes recently, taking advantage of the upcoming holiday season. The spam mails contain holiday greetings and a short message informing users that they have received an e-card from someone. Each email also contains an embedded URL where the recipient can view or claim their e-card.
Other subject lines for this type of spam include the following:
- A Christmas card from a friend
- A special card just for you
- Christmas card for you
- Christmas Ecard Notification
- Christmas Ecard Special Delivery
- Christmas greetings e-card is waiting for you
- Christmas greetings for you
- Christmas greetings from your friend
- Christmas Wishes!
- Greeting for you!
- Happy Christmas!
- Have a warm an lovely Christmas!
- I made an Ecard for U!
- I sent you the ecard
- Joyful Christmas!
- Merry Christmas 2009!
- Merry Christmas card for you!
- Merry Christmas e-card is waiting for you
- Merry Christmas greetings for you
- Merry Christmas ‘N Happy New Year!
- Merry Christmas To You!
- Merry Christmas wishes just for you
- Merry Christmas!
- Merry Xmas!
- Warmest Wishes For Christmas!
- Wish You A Merry Christmas!
- Xmas card for you
- Xmas card is waiting for you
- You have a Christmas Greeting!
- You have a greeting card
- You Have An E-card Waiting For You!
- You have received a Christmas E-card
- You have received a Christmas greetings card
- You have received an E-card
- You Received an Ecard.
- You’ve got a Christmas E-card
- You’ve got a Christmas greetings card
- You’ve got a Merry Christmas E-card
- You’ve got a Merry Christmas greeting card
- You’ve got a Xmas e-card
- You’ve got an e-card
Once users click the link embedded in the spam mails, they are redirected to a bogus e-card website. Examination of the site shows that it was created just this month.
The page appears to contain several links and buttons, but the whole page actually consists of only one large clickable image.
Upon clicking the image, the user is prompted to download the file ecard.exe, which is detected as TROJ_GENETIK.TI.
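A defender-side check for the page layout described above, as an added example that is not part of the original post: it flags an HTML page that consists of a single linked image whose link points at an executable file. It assumes the image is wrapped in an ordinary anchor tag linking straight to the file; the function name, extension list, text threshold and sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif")  # assumed risky types
MAX_VISIBLE_TEXT = 40           # assumed: a genuine page shows more text than this
SKIP_TAGS = ("script", "style", "title")   # content that is not visible body text

# Constructed sample pages, not captured from the site described above.
LURE_PAGE = '<html><body><a href="/ecard.exe"><img src="card.jpg"></a></body></html>'
NORMAL_PAGE = '<body><p>Your card from a friend</p><a href="/view?id=1"><img src="c.jpg"></a></body>'


class _PageStats(HTMLParser):
    """Records where each image links to and measures the visible text."""

    def __init__(self):
        super().__init__()
        self.image_links = []       # per <img>: href of the enclosing <a>, or None
        self.text_chars = 0
        self._hrefs = []            # hrefs of the <a> tags currently open
        self._skip = 0              # nesting depth inside SKIP_TAGS

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._hrefs.append(dict(attrs).get("href") or "")
        elif tag == "img":
            self.image_links.append(self._hrefs[-1] if self._hrefs else None)
        elif tag in SKIP_TAGS:
            self._skip += 1

    def handle_endtag(self, tag):
        if tag == "a" and self._hrefs:
            self._hrefs.pop()
        elif tag in SKIP_TAGS and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text_chars += len(data.strip())


def is_single_image_lure(html):
    """True when the page is one linked image whose link fetches an executable."""
    stats = _PageStats()
    stats.feed(html)
    stats.close()
    links = stats.image_links
    if len(links) != 1 or links[0] is None or stats.text_chars > MAX_VISIBLE_TEXT:
        return False
    return urlparse(links[0]).path.lower().endswith(EXECUTABLE_EXTENSIONS)
```

A match is a signal for a URL-filtering or sandbox pipeline to weigh alongside domain age and reputation, not a verdict on its own.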
With the protection and security that the Trend Micro Smart Protection can offer, these combined threats are addressed immediately. The spam mails are now detected through the Email Reputation Technology. URLs related to these spam mails are already blocked by Web Reputation Technology. Finally, the downloaded malicious file ecard.exe is already detected as TROJ_GENETIK.TI.