Thu, Feb 14 2008 15:16 Don

American Greetings Phony Site Serves Malware With A Smile

Sunbelt Software is reporting a virulent and convincing fake greeting card site and associated malware.

Like most malware these days, it is delivered through a rogue web site. The link to the site is in an e-mail spammed out to victims as a greeting card. When you click the link you are told you need to update your Flash player to view the card.

This attack is better than most. The fake American Greetings page is well done, and the ActiveX installer program is digitally signed. (It wasn't signed by a commercial certificate authority but by Comodo's UserTrust network, which gives the certificates and tools away.

Sunbelt says the actual trojan is a variant of the Monster Trojan and "a very nasty data-stealing trojan" which uses a rootkit to hide. Things may be better now, but when they reported it detection by security software was poor, with only 4 of 32 scanners detecting an attack in the file.

http://blogs.pcmag.com/securitywatch/2008/02/american_greetings_phony_site.php 

 

Filed under: