Greetings from your hijacker

A new round of greeting card spam that draws users to attack sites relies on a sophisticated multi-pronged, multi-exploit strike force to infect machines, security professionals said recently.

Captured samples of the spam have all borne the same subject line – “You’ve received a postcard from a family member!” – and contain links to a malicious Web site, where JavaScript determines whether or not the victim’s browser has scripting enabled.

“If JavaScript is disabled, then they provide you a handy link to click on to exploit yourself,” said an alert posted by SANS Institute’s Internet Storm Center (ISC). Browsers with JavaScript enabled are simply fed a two-part package of downloader and malware.

The greeting card gambit tries a trio of exploits. The first exploit is against a QuickTime vulnerability, the second is an attack on the popular WinZip compression utility and the third, dubbed “the Hail Mary” by ISC, is an exploit for the WebViewFolderIcon vulnerability in Windows that Microsoft patched last October.

ISC said several antivirus vendors had tentatively pegged the executable malware – the file offered to users whose browsers have JavaScript disabled – as a variation of the Storm Trojan, an aggressive piece of malware that has been hijacking computers to serve as attacker bots since early this year. 075896

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now