Welcome Guest. | Log In| Register | Membership Benefits
Dark Reading's CSIsland Weblog
Topics:   SophosLabs Insights

  • Email this page E-mail this page
  • Print this page Print this page
  • Bookmark and Share

Major Malicious Ecard Campaign Strikes Inboxes


Posted by Graham Cluley, Jun 12, 2009 10:53 AM

Hackers have spammed out a widespread attack to unsuspecting computer users, disguised as an electronic greeting card.

The email messages, which Sophos is seeing in large numbers in its global network of spamtraps, have the subject line "You have received an eCard" and contain the following message body:

Good day. You have received an eCard

To pick up your eCard, open attached file

We hope you enjoy you eCard.

Thank You!

Careful Internet users should notice that the email messages are not personalized with the recipient's name, and they give no hint as to who might have sent the electronic greeting.

Malicious ecard emails containing the Mal/WaledPak-A malware

Attached to the email is a file called ecard.zip, which contains a malicious Trojan horse that Sophos proactively detects as Mal/WaledPak-A. Users of other antivirus products may need to check that their security software is updated.

Of course, it's never a good idea to open unsolicited email attachments on your PC. But the fact that hackers still persist in schemes such as this one suggest it continues to be an effective way for them to build botnets, steal identities, and con unsuspecting users out of their money.

Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his other blog on the Sophos website you can find him on Twitter at @gcluley. Special to Dark Reading.

« Cost Analysis Of Multifactor Authentication | Main | Incorporating The 'CIA' Triad In Software Purchases »



Sign up now for the weekly InformationWeek Blog Newsletter.


This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.



Related Content

 Sponsored by:
sponsor logo
Seven for 7: Best practices for implementing Windows 7
Windows 7 is here to stay. Discover how to enhance your overall enterprise security by taking advantage of its new powerful endpoint security features.


Sophos Security Threat Report: 2010
SophosLabs received 50,000 new malware samples every day in 2009. Malware attacks are broadening and becoming more evasive with social networking sites and new computing platforms becoming primary targets for hackers. Read the 2009 security threats trends and learn how to protect yourself in 2010.

How To Protect Your Critical Information Easily
Safeguarding massive amounts of sensitive, confidential data--from legally protected personal information to intellectual property and trade secrets--from malicious attacks and accidental loss is one of IT's biggest challenges. With employees having greater mobility than ever before to work outside the office, the job of protecting data has never been more difficult.