E-Card with Something Special – Malware

2007 July 1
by wildeny

My birthday passed not long ago, so it’s not surprising that some e-card pickup messages arrived in my mailbox. But they (three in total since June) looked … unusual.

The things that set off alarm bells are:

  1. The subjects of the messages are all the same, “You’ve received a postcard from a family member!”, even from different senders.
  2. The sender names, Postcard.org and E-Cards.com, do not match the IP addresses that sent out the messages.
  3. The addresses to pick up the e-card do not match the sender names or their hosts.
  4. No name of your friend or family member is included.
  5. The style of the messages is the same.

I got such a message in early June — a little bit too early. Today I got two, so this time I just googled these IP addresses and checked whether a warning had been posted. At this moment only two have posted, Register.uk and SearchSecurity.com (which shows the format of the fake e-card).

“The interesting part is just how multi-layered the attack is – it uses several different exploits, both technical and social.

It starts by testing to see if Javascript is enabled, and if it’s not, it prompts you to download a file called ecard.exe and run it. If that fails, it tries three different exploits in sequence until it finds one that works, starting with a QuickTime attack, then a WinZip attack, and finally what the ISC calls the “hail Mary” WebViewFolderIcon exploit.

… Perhaps the most dangerous part is that, when SANS ran it through 30 different anti-virus programs, only a quarter of them picked up ecard.exe as a suspect download.” (from The Register)

Even though I use webmail accounts for most of my internet activities, these fake e-card messages were delivered to my work email address. 8O

EDIT: I continue to receive a few. The latest one changed its subject to “You’ve received a postcard from a worshipper!” A worshipper! Give me a break.

Later, I got the first one in GMail, with the subject line “You’ve received an ecard from a Neighbour!”
