Jump to content

Interesting approach


dra007
 Share

Recommended Posts

flash player is used to upload the virus...supposedly a greeting card...grant it from Argentina, posing as an American known site..

How can someone use flash player to upload a file? Is the file an .swf format or an executable or what? I've seen these greeting card spoofs before, but all I've seen is the ones saying "You've got a greeting card to pickup" and then when you look at the source of the message it will have forged headers to make it look like it came from bluemountain or wherever, the images are just dumped on a free server, and an exe file is linked when you click to get the card. Then, obviously, executing it results in infection of spy/ad/malware, a trojan, etc.

Link to comment
Share on other sites

Here is an email I just received that is nearly identical to the one you posted:

http://www.spamcop.net/sc?id=z1303289921zd...;action=display

I contacted Bluemountain about this and asked if they were interested in receiving reports. I don't know if this could be considered some type of phishing or not. I'm trying to contact ImageShack to report the images in the body of the message so they can delete them, but their server seems to be down ATM. For reference, you can send the reports through this URL.

Link to comment
Share on other sites

I got an automated reply from BlueMountain, but it seems they will accept reports of these fake greeting card messages to security[at]americangreetings.com.

Hello,

Thank you for contacting BlueMountain.com Customer Support.

Please send a copy of the original email message or eCard you received to security[at]americangreetings.com. Be sure to include the original headers (ex. "A friend has just sent you an American Greetings Card!"). Please be advised that you will not

receive a response from security.

It is likely that an automated program virus generated this fake announcement and is sending it to randomly chosen email addresses. As a precautionary measure, we suggest that you run a virus scan on your computer. In the future, you may want to

consider the following recommendations:

1. Do not open email that comes from an address with which you are not familiar.

2. If an eCard announcement appears to come from BlueMountain.com, check to see if it has attachments. If it does, do not open it. BlueMountain.com will never send attachments with the eCard announcements.

Please remember that your ISP will never ask you for your password. You should never give this information out to anyone.

Thank you for bringing this matter to our attention. We have contacted our abuse team and are investigating the fraudulent email. We hope this information is useful. If you have further questions or concerns, don't hesitate to contact us.

Thank you,

Roberto R

Your Customer Support Representative

BlueMountain.com

Link to comment
Share on other sites

The problem is not as much the fraudulent nature, but the malicious nature of that e-mail. Is it random or targetted? It stopped for now, but one has to wonder what the purpose of sending random viri/malware would be or try to accoplish. I am not going to test that virus on my computer...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...