Happy HallowEcard
As much as we wish ecard spam was gone, we can’t say we’re surprised to see Halloween themed ecard messages. As usual they’re back with only a few words of content, the usual IP address link, and this time a seasonal subject header about Halloween such as “Happy Halloween” and “Dancing Bones”. When you click the link you see a page as follows.
As tempting as it sounds to play a funny sexual halloween game with a dancing skeleton, I opted not to give the game a try. When visiting the page there is some malicious javascript code (detected as Troj/JSXor-Gen) which tries to get you to download a number of infected files. The link on the page itself links to a “halloween.exe” file which again is detected as Mal/Behav-146.
Interestingly enough, while doing analysis on the site we refreshed the page a few minutes after first visiting it only to find a new image for users to click.
It’s a lot prettier than their first attempt at a page, which in turn could make it a little more convincing for users to download the file.
It should be interesting to see what new variation they come up with next.
Posted on October 30th, 2007 by Onur Komili, Researcher, SophosLabs, CanadaFiled under: Malware, Spam
