informa
/
Commentary

That 'Hallmark' E-Card May Contain Malware Tidings

Recieved was the giveaway; one of the few spelling rules I've retained is "I before e, except after c." So when I my e-mail read, "You have recieved A Hallmark E-Card," I was immediately suspicious. The random capitalization made me wary, too.
"Recieved" was the giveaway; one of the few spelling rules I've retained is "I before e, except after c." So when I my e-mail read, "You have recieved A Hallmark E-Card," I was immediately suspicious. The random capitalization made me wary, too.Most likely, your non-computer-focused family members won't be as on the guard as we are. And that would be very bad, because there's malware at work here.

Here's the e-greeting card. It's a pretty good, fake, to the point where I almost--I say, almost--bought it. Then I remembered that it's not my birthday.



Nothing says it worse than a malware-laden, fake greeting card (click to enlarge image).

It turns out that the threat isn't even concealed with an obfuscatory URL, which is usually how it's done. Scroll your mouse over "To see it, click here," and you see the address of the bad executable: hxxp://www.themusicnetwork.co.uk/(((DONTCLICK))notes/card.exe

I don't know how the "card" executable came to be connected with themusicnetwork.co.uk, which appears to be a legitimate site.

I do know that a Google investigation into the e-card from Hell led me to the helpful CastleCops site. One of its forums listed had the "card" executable on its list of malware.

True, malware-laden greeting cards are nothing new. My experience has been that one receives so many of these things, that when a particularly good fake comes along, you're apt to let down your guard. That's even though we're all well aware never to even look into a card which doesn't come from a named sender.

It's family members who need to be warned to look at the e-card and check it twice, or better yet, give and receive greetings the old-fashioned way, using 41 cents in postage. It'll be a lot cheaper in the long run.