ATLANTA -- Researchers at Exploit Prevention Labs (http://www.explabs.com), the leading developer of anti-exploit software, recently uncovered a major cyber criminal ring operating in Australia using what appear on the surface to be Yahoo Greetings eCards to infect thousands of computer users with malicious keylogger malware, which was then used to steal credit card numbers, bank account usernames and passwords, and other personal information. Although the total number of affected users remains unclear, Exploit Prevention Labs researchers were able to confirm that accounts at nearly every Australian bank were affected. Exploit Prevention Labs researchers quickly contacted Australian police authorities, who coordinated with banks and other institutions to protect affected users.
Earlier this week, Exploit Prevention Labs researchers discovered further evidence that malicious eCard spammers have expanded their operations beyond Australia and Yahoo Greetings, with confirmed targets in North America, Europe and Asia using a variety of eCard supplier accounts.
Roger Thompson, Exploit Prevention Labs' CTO, discovered the Australian eCard scam and has been tracking the evolving threat.
"The user receives an eCard in their email inbox," said Thompson. "The card appears to come through one of the major eCard companies, so it is assumed to be safe, despite the user not recognizing the sender's name on the card. The user clicks the link to view the card, which doesn't tell you who it's really from, so they just close it and continue with whatever they were doing before. Unfortunately, what's actually happened is that a rootkit has been delivered to the user's PC before they even pick up the card."