Thu, Feb 14 2008 15:16
American Greetings Phony Site Serves Malware With A Smile
Sunbelt Software is reporting a virulent and convincing fake greeting card site and associated malware.
Like most malware these days, it is delivered through a rogue web
site. The link to the site is in an e-mail spammed out to victims as a
greeting card. When you click the link you are told you need to update
your Flash player to view the card.
This attack is better than most. The fake American Greetings page is
well done, and the ActiveX installer program is digitally signed. (It
wasn't signed by a commercial certificate authority but by Comodo's UserTrust network, which gives the certificates and tools away.)
Sunbelt says the actual trojan is a variant of the Monster Trojan
and "a very nasty data-stealing trojan" which uses a rootkit to hide.
Things may be better now, but when they reported it, detection by
security software was poor, with only 4 of 32 scanners detecting an
attack in the file.