Thursday, June 28, 2007

Hong Kong E-Card Trojan

Last week, it was a fake Father's Day email. Today I received an e-card invitation from a Hong Kong email address - Subject: You've received a postcard from a family member.


Now, several friends of mine live in Hong Kong, including Phil Braden, Authentium's co-founder, who recently went back to live in Hong Kong after ten years. But I'm not aware of any "family member" that would make use of a Japanese email address (xxxxx@echna.ne.jp) cloaked in a Hong Kong email address.

Maybe it's payback for the post last week on HK-based phishing toolkits.

According to Patrick Knight of our malware research labs, the link in the email does not lead to a greeting card (no surprise there) but instead leads to a payload, which, when downloaded, does a UDP scan of random IP addresses. Hmmm - sounds like the same guys.

Patrick will post further analysis on this Trojan when it comes to hand, but in the meantime, if you get an invite to download a greeting card or e-card, be careful.
