These emails also carry zipped attachments which have been found to contain new variants of the malware in the wild.
Govind Rammurthy, CEO and MD at eScan, added, “It is still surprising to see users opening suspicious emails and clicking on attachments or links without verifying the authenticity of the email.”
Rammurthy said these variants have become more malicious than the earlier variants. “They are network aware and pose a great danger to corporate networks as a single infection can lead to a network outbreak within an hour,” he warned. “To avoid such catastrophic scenarios, one should always use reputed and genuine security software and should also have the latest security updates installed in their system.”
The “You have received A Hallmark E-Card!” spam email comes with postcard.zip or a similarly named attachment. The payload in the zip file contains malware that can mass-mail messages, using its built-in SMTP client engine, to email addresses harvested from the local computer.
The payload also contains malware with the characteristics of Vundo (aka VirtuMonde/VirtuMundo), a trojan horse that causes popups and advertises rogue antispyware programs. Vundo can infect a system when a browser merely visits a Web site link contained in a spammed email. It is known to add itself to the startup registry, create a DLL file in the Windows system32 directory and inject it into the system processes winlogon.exe and explorer.exe. The malware can also send requests to download other files from the Internet and spread quickly by itself in a network.
Another email doing the rounds takes advantage of the popularity of social networking sites such as “Twitter” and “Hi5” to spread itself. These spam emails carry a deadly payload: a variant of the Buzus worm, a network-aware, bot-creating trojan. On infection, it creates a startup registry entry and modifies the hosts file to prevent access to security Websites. It can also send spam mail to the email addresses harvested from the local infected system and try to spread itself.
The malware-spreading spam also had subject lines such as “Thank you from Google!” and “Shipping update for your Amazon.com order 254-71546325-658732”, and carried attachments with typical names such as Invitation Card.zip, Postcard.zip, Shipping documents.zip or CV-20100120-112.zip. Any unsuspecting user who opens the files gets infected immediately, and the malware then tries to infect other systems in the network by sending the same malicious emails to addresses harvested from local address books on the infected computers.
eScan security experts have warned against opening emails or their attachments with subject lines such as “You have received A Hallmark E-Card!”, “Your friend invited you to twitter!”, “Thank you from Google!”, “Jessica would like to be your friend on hi5!” and “Shipping update for your Amazon.com order 254-71546325-658732”.
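A mail-gateway triage check built from the subject lines and attachment names listed above, as an added example that is not eScan's code. The function names, the generalised order-number and CV patterns, and the quarantine/review policy are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
# Subject lines quoted in the article. Assumption: the Amazon order number
# varies between messages, so it is generalised to any digits-and-dashes run.
SUBJECTS = [re.compile(p, re.I) for p in (
    r"you have received a hallmark e-card",
    r"your friend invited you to twitter",
    r"thank you from google",
    r"would like to be your friend on hi5",
    r"shipping update for your amazon\.com order [\d-]+",
)]
# Attachment names from the article; the CV name's digits are generalised (assumption).
ATTACHMENTS = [re.compile(p, re.I) for p in (
    r"invitation card\.zip", r"postcard\.zip",
    r"shipping documents\.zip", r"cv-\d{8}-\d+\.zip",
)]

def triage(raw_message):
    """Report which of the article's indicators a raw message matches."""
    # policy.default decodes RFC 2047 encoded-word subjects before matching.
    msg = message_from_string(raw_message, policy=policy.default)
    subject = " ".join(str(msg["Subject"] or "").split())
    subject_hit = any(p.search(subject) for p in SUBJECTS)
    zips, named = [], []
    for part in msg.walk():  # walk() also reaches nested MIME parts
        name = (part.get_filename() or "").strip()
        if name.lower().endswith(".zip"):
            zips.append(name)
            if any(p.fullmatch(name) for p in ATTACHMENTS):
                named.append(name)
    # Hypothetical policy: listed subject plus any zip is held; one indicator is reviewed.
    if subject_hit and zips:
        verdict = "quarantine"
    elif subject_hit or named:
        verdict = "review"
    else:
        verdict = "pass"
    return {"verdict": verdict, "subject_hit": subject_hit, "zips": zips, "named_hits": named}

def build_sample(subject, attachment=None):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("constructed body")
    if attachment:  # 22-byte empty zip archive as a stand-in payload
        m.add_attachment(b"PK\x05\x06" + bytes(18), maintype="application",
                         subtype="zip", filename=attachment)
    return m.as_string()
```

Matching on the subject and the attachment name separately means a renamed attachment under a listed subject is still held, while a listed attachment name under an unlisted subject still reaches an analyst.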