Today I received a new suspicious email related to e-cards and postcards online:
Subject: You’ve received A Hallmark E-Card!
The full content of the message is below:
Date: Mon, November 17, 2008 3:21 pm
You have recieved A Hallmark E-Card. Hello!
You have recieved a Hallmark E-Card from your friend.
To see it, check the attachment. There’s something special about that E-Card feeling. We invite you to make a friend s day and send one.
Hope to see you soon,
Your friends at Hallmark
The header of the email is below:
Received: from outbound03.telus.net (outbound03.telus.net [188.8.131.52])
Received: from priv-edtnaa04.telusplanet.net ([184.108.40.206])
    by priv-edtnes29.telusplanet.net
    (InterMail vM.7.08.02.02 201-2186-121-104-20070414) with ESMTP
    id <20081117152405.HNUM5977.email@example.com>
    for xxxxxxxxxxxxxxxxxxxxxxxxx; Mon, 17 Nov 2008 08:24:05 -0700
Received: from hallmark.com (d142-59-20-61.abhsia.telus.net [220.127.116.11])
    by priv-edtnaa04.telusplanet.net (BorderWare Security Platform) with ESMTP
But there is a surprise attached to the email, a ZIP-compressed file named postcard.zip that contains an executable file named postcard.exe:
Report Generated 19.11.2008 at 2.28.02 (GMT 1)
File size: 195 KB
MD5 Hash: DEC558ED05A4E33C7F71769D3832F107
SHA1 Hash: 073EB35EBA241A631F900A67D10D794B25EEB28C
Application Type: Executable (EXE) 32bit
Packer detected: Microsoft Visual C++ 6.0
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
Detection Rate: 10 on 23
Avira AntiVir TR/Dropper.Gen
Avast Win32:Autorun-APG [Wrm]
AVG Trojan horse Dropper.Generic.ADTI
F-PROT 6 W32/Backdoor2.DJES
G DATA Worm.Win32.AutoRun.shm A
NOD32 v3 Win32/Injector.DG trojan
Make sure not to fall for this scam. If you have received similar emails, do not open them, and scan your system with security software.
Always check the header of the email: look up the IP address or the hostname of the sender, then search for it on Google to find out whether it has been associated with malicious activity.
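The header check described above, as an added example that is not part of the original post: it parses the Received lines from the sample header and flags any hop where the name the sending host announced differs from the reverse-DNS name the receiving server recorded for the connecting IP. The function names, the abridged sample string and the two-label domain comparison are assumptions made for this illustration.

```python
import re
from email import message_from_string

# Received lines abridged from the header shown above (values as on the page).
SAMPLE = """\
Received: from outbound03.telus.net (outbound03.telus.net [188.8.131.52])
Received: from priv-edtnaa04.telusplanet.net ([184.108.40.206])
 by priv-edtnes29.telusplanet.net with ESMTP;
 Mon, 17 Nov 2008 08:24:05 -0700
Received: from hallmark.com (d142-59-20-61.abhsia.telus.net [220.127.116.11])
 by priv-edtnaa04.telusplanet.net (BorderWare Security Platform) with ESMTP

"""

# "from <name the sender announced> (<reverse-DNS name> [<connecting IP>])"
HOP = re.compile(r"from\s+([\w.-]+)\s+\((?:([\w.-]+)\s+)?\[([\d.]+)\]\)")


def base_domain(name):
    """Last two labels of a hostname (naive; wrong for suffixes like co.uk)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def audit_received(raw_headers):
    """Return one dict per Received hop, flagging announced-name/rDNS mismatches."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # hop written in a format this sketch does not handle
        helo, rdns, ip = m.groups()
        hops.append({
            "helo": helo,
            "rdns": rdns,
            "ip": ip,
            # Only comparable when the receiving server recorded a reverse-DNS name.
            "mismatch": rdns is not None and base_domain(helo) != base_domain(rdns),
        })
    return hops


if __name__ == "__main__":
    for hop in audit_received(SAMPLE):
        flag = "MISMATCH" if hop["mismatch"] else "ok"
        print(f'{flag:8} announced={hop["helo"]} rdns={hop["rdns"]} ip={hop["ip"]}')
```

In the sample, the hop that announces itself as hallmark.com is flagged because the receiving server recorded a telus.net hostname for it. The announced name is chosen by the sender, while the bracketed IP is written by the receiving server and is the value worth looking up.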