Malicious ecard campaign accounts for 9 million spam messages in last 48 hours

August 16, 2007 Sophos Press Release

Sophos, a world leader in IT security and control, has warned computer users that an estimated 9 million malicious ecard spam messages have been sent across the internet in the past 48 hours.

Over the past few weeks, Sophos has detected a resurgence in ecard spam designed to infect recipients' computers. Within the last 48 hours alone, SophosLabs™ notes that malicious ecard spam designed to infect users with the JSEcard-A Trojan horse accounts for 6.3% of all spam seen in its global network of spam traps.

The campaigns use social engineering as a way of suggesting a friend or relative has created an electronic greeting card just for you. The emails claim that the card can be viewed just by visiting the link included in the spam message. However, there is nothing heartwarming about this scam. Visiting the link will result in your PC becoming infected by the JSEcard Trojan horse and will expose the computer to further threats.

Unsolicited emails claiming to link to ecards can direct unwary users to malware instead.

Interestingly, the malware that hackers are using to try and infect innocent computer users is from the same families of malware used in the waves of Storm Trojan that wreaked havoc on the internet earlier this year.

"With more than six percent of all spam related to an ecard attack, people should be suspicious of any electronic greeting that arrives in their inbox unexpectedly. The hackers are using the dangling carrot of an ecard to entice recipients into clicking on a dangerous link," said Ron O'Brien, senior security analyst at Sophos. "Maybe it would be better if people used old-fashioned letters and stamps to send their good wishes if ecards are going to increasingly become a method for spreading electronic attacks."

Sophos products have been proactively defending against the Troj/JSEcard-A malware since 29 June 2007, but customers of other vendors' products may need to update their protection.

"Sophos's proactive protection meant that our millions of users won't be infected by this latest attack," explained O'Brien. "Sophos recommends that everyone on the internet thinks of safety first when they use email, or risk putting their data and finances at risk."

Last month, Sophos published research revealing the rise of web-based malware in the first half of 2007. With computer users becoming increasingly aware of how to protect against email-aware viruses and malware, hackers have turned to the web as their preferred vector of attack.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.