*samples* More Ecard-ware

gkthornton
gkthornton
in Malware talk

Scanned with BD defs 7/30/2007.


/applications/core/interface/file/attachment.php?id=388" data-fileid="388" rel="">ecards_7_30_2007.zip


It looks like these are hard to generically detect.


Look forward to your analysis.


Thanks,


-GT


Sample email:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Hi. Mate has sent you an ecard.


See your card as often as you wish during the next 15 days.


SEEING YOUR CARD


If your email software creates links to Web pages, click on your


card's direct www address below while you are connected to the Internet:


http://69.107.xx.xx/?a43e297e646d1deed435601e5ee713076a3d


Or copy and paste it into your browser's "Location" box (where Internet


addresses go).


We hope you enjoy your awesome card.


Wishing you the best,


Mailer-Daemon,


Greeting-Cards.Com


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Comments

  • vlad
    vlad

    Detected as Trojan.Peed.ICB. Thanks for the samples.

All Time Leaders

Categories

Defenders of the month