*samples* More Ecard-ware

Scanned with BD defs 7/30/2007.


/applications/core/interface/file/attachment.php?id=388" data-fileid="388" rel="">ecards_7_30_2007.zip


It looks like these are hard to generically detect.


Look forward to your analysis.


Thanks,


-GT


Sample email:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Hi. Mate has sent you an ecard.


See your card as often as you wish during the next 15 days.


SEEING YOUR CARD


If your email software creates links to Web pages, click on your


card's direct www address below while you are connected to the Internet:


http://69.107.xx.xx/?a43e297e646d1deed435601e5ee713076a3d


Or copy and paste it into your browser's "Location" box (where Internet


addresses go).


We hope you enjoy your awesome card.


Wishing you the best,


Mailer-Daemon,


Greeting-Cards.Com


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Comments

  • Detected as Trojan.Peed.ICB. Thanks for the samples.