HallMark Card Virus: a UPS Virus variant...

[rmcinnes]

Laurentio...
There was a bit of fuss "downunder" this morning...
While I suspect you may well be aware of the Hallmark e-Card Virus, I felt compelled to keep you informed...

To quote...
UPS Tracking number trojan - another variant and Hallmark e-card
There is a new variant of the UPS Tracking number trojan on route.
The subject is now “[RE] UPS Tracking Number 7056968807″ but the contents remains the same.
The URL that is used by the trojan is slightly different, the host remails the same, the folder structure and the .bin file on the site is different: http://***********.ru/offshore/denis.bin. The number in the subject and file can be random.

The new variant is detected by 13 of the 35 anti virus engines at Virus Total. The MD5 hash is 488d34cd86e252abca560416413a595d.

Also, if you receive an Hallmark E-Card as attachment it’s also another variant of a Trojan-Dropper.Win32 also known as W32/P2Pworm.E.worm or Trojan.Delf.Inject.F.

The chances for infection are much less, 24 of the 35 engines provide protection, so there’s a good chance that it’s captured.

When reading the comments on this blog and also on other resources and web site, I am amazed how many people have double clicked the attachment and have indeed infected their computer.

Now, a very simple tip for the future that is also mentioned on some other web sites as well is
don’t open attachments without checking the content and senders first”.
Handle each email with attachments carefully and don’t start to extract them and click on executables and files with exotic extensions.
Large companies like UPS, Hallmark and others don’t send you an executable in a zip file.
So this is something that you should be aware of. This is the first “red light”.

UPS tracking is done online on their web site and after all, think about it, a message stating that a delivery from July the 1st can’t be delivered while we are in fact July 23 is not a very good UPS service, right?

For Hallmark e-cards you also need to visit their web site to get your lovely e-card.

Following this simple guideline can avoid troubles of getting an infected computer. This applies for everyone. If you work from home, you are an individual, you are in a business environment, it’s a good tip for everyone.
End of quote...

Robert...
Love NOD32...
I was about to go out and buy myself another notebook [VAIO PCG-XE17 memory is maxed out at 256 MB] McAfee was such a hog...

[laurentio]

Hi Robert,

This is a fantastic post! Thanks for letting us know, your help is much appreciated.

Kindest regards
p.s. I'm glad you like NOD32.