Fake Holiday eCards: Are You Surprised?

Yesterday, we started to receive reports of emails pretending to carry links to holiday cards.  These emails contain a link that points to a file named ecard.exe.  Of course, this executable is not a seasonal holiday card but malware.  The reason this wave of malware has attracted our attention is that it is very similar to the Storm Worm attacks we were seeing last year.

Although this attack uses fast-flux to make its web servers harder to trace, and a redirection page very similar to those used by Storm last year, this is not the resurrection of the Storm botnet.  Analysis of the binary proves it to be different from Storm.  It was programmed using a different programming language and includes different functionality.  This malware, detected as a variant of Win32/Waledac by ESET Antivirus, has no peer-to-peer capabilities and uses an open-source packer instead of the custom packers used by Storm.  Also, the Waledac threat has cryptographic capabilities that were not present in Storm.

What we are observing today is proof that malware authors are learning from each other’s errors and successes.  After seeing that Storm was able to infect thousands of systems last year with Christmas-related social engineering, the criminals behind other malware families are now trying to emulate that success.

Pierre-Marc Bureau

Author Pierre-Marc Bureau, ESET

  • Robert Astles

    I managed to get the .exe into the recycle bin and then empty it. Has this cleared it?

  • As long as you didn’t execute it. Though if it was detected by AV it shouldn’t have been executed anyway. (Pierre-Marc already responded directly to this comment: I’m just crossing the t’s in case anyone else was waiting to see a response.)

