Interesting approach

[dra007]

I wonder why these cretins don't ever give up sending viruses,

http://www.spamcop.net/sc?id=z1302574873zc...ffc233a10d1b1az

this time the clickable mail pointed to a flash media virus..

[jongrose]

What is a "flash media virus"?

[dra007]

flash player is used to upload the virus...supposedly a greeting card...grant it from Argentina, posing as an American known site..

[jongrose]

flash player is used to upload the virus...supposedly a greeting card...grant it from Argentina, posing as an American known site..

How can someone use flash player to upload a file? Is the file an .swf format or an executable or what? I've seen these greeting card spoofs before, but all I've seen is the ones saying "You've got a greeting card to pickup" and then when you look at the source of the message it will have forged headers to make it look like it came from bluemountain or wherever, the images are just dumped on a free server, and an exe file is linked when you click to get the card. Then, obviously, executing it results in infection of spy/ad/malware, a trojan, etc.

[jongrose]

Here is an email I just received that is nearly identical to the one you posted:

http://www.spamcop.net/sc?id=z1303289921zd...;action=display

I contacted Bluemountain about this and asked if they were interested in receiving reports. I don't know if this could be considered some type of phishing or not. I'm trying to contact ImageShack to report the images in the body of the message so they can delete them, but their server seems to be down ATM. For reference, you can send the reports through this URL.

[jongrose]

I got an automated reply from BlueMountain, but it seems they will accept reports of these fake greeting card messages to security[at]americangreetings.com.

Hello,

Thank you for contacting BlueMountain.com Customer Support.

Please send a copy of the original email message or eCard you received to security[at]americangreetings.com. Be sure to include the original headers (ex. "A friend has just sent you an American Greetings Card!"). Please be advised that you will not

receive a response from security.

It is likely that an automated program virus generated this fake announcement and is sending it to randomly chosen email addresses. As a precautionary measure, we suggest that you run a virus scan on your computer. In the future, you may want to

consider the following recommendations:

1. Do not open email that comes from an address with which you are not familiar.

2. If an eCard announcement appears to come from BlueMountain.com, check to see if it has attachments. If it does, do not open it. BlueMountain.com will never send attachments with the eCard announcements.

Please remember that your ISP will never ask you for your password. You should never give this information out to anyone.

Thank you for bringing this matter to our attention. We have contacted our abuse team and are investigating the fraudulent email. We hope this information is useful. If you have further questions or concerns, don't hesitate to contact us.

Thank you,

Roberto R

Your Customer Support Representative

BlueMountain.com

[dra007]

The problem is not as much the fraudulent nature, but the malicious nature of that e-mail. Is it random or targetted? It stopped for now, but one has to wonder what the purpose of sending random viri/malware would be or try to accoplish. I am not going to test that virus on my computer...