Sophos

25 August 2007 11:45 GMT

Another ecard twist

In the last hour, another huge ‘ecard’ spamming run has been detected by SophosLabs. Aside from the usual ecard-related social engineering, some of the messages now masquerade as links to YouTube videos, for example:

[Image: nd1.gif]

[Image: nd2.gif]

Of course, the links are not to YouTube, but to the IP addresses of compromised machines. Clicking on the link will load a web page containing the usual embedded malicious script and a manual link to the Dorf malware, for example:

[Image: nd3.gif]

Happily, the malware involved is proactively detected as Troj/JSXor-Gen (malicious script) and Mal/Dorf-E (Trojan intended to be installed), so there is no need for a detection update to be pushed out at this time.
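The mismatch described above, link text that names a site such as YouTube while the target is a bare IP address, can be checked mechanically in an HTML message body. The following is an added example, not SophosLabs code; the function names and the sample body are constructed for illustration, and the check is a triage heuristic alongside the detections named above.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

DOMAIN = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")
# Constructed sample body; 192.0.2.10 is a documentation-range address.
SAMPLE_BODY = ('<a href="http://192.0.2.10/">http://www.youtube.com/watch?v=EXAMPLE</a>'
               '<a href="http://www.example.com/card">View your ecard</a>')

def host_of(text):
    """Hostname of a URL-like string ("www.x.com/y" or "http://x/y"), else None."""
    try:
        return urlsplit(text if "://" in text else "//" + text).hostname
    except ValueError:
        return None

def is_ip(host):
    try:
        return ipaddress.ip_address(host or "") is not None
    except ValueError:
        return False

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):  # remember the target of each <a>
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):  # accumulate the text the reader sees
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def ip_links(html):
    """Links whose target host is an IP literal; shown_host is set when the text names a host."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        if is_ip(target):
            named = bool(shown and DOMAIN.fullmatch(shown) and not is_ip(shown))
            findings.append({"href": href, "shown_host": shown if named else None})
    return findings
```

Calling `ip_links(SAMPLE_BODY)` reports only the first link, with `shown_host` set to the name displayed in its text; a finding whose `shown_host` is `None` is still an IP-literal link but without a spoofed name in its text.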

Fraser Howard, SophosLabs UK