Fake E-Gift Emails Pass Old Style IRCBot as Screensaver

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
A new spam campaign currently making the rounds produces emails that pose as e-gifts from friends, but in fact lead to an IRC-based trojan.

The emails have spoofed headers to appear as originating from gifts@freeze.com and bear a subject of "You have received a gift from one of our members !"

Freeze.com is a website offering desktop customization downloads such as screensavers, wallpapers, icons, sounds, mouse cursors and others.

It might be possible that attackers have modified a legit email template used by the website and replaced the real link with a malicious one.

The emails use a bit social engineering to attract people's interest and convince them to click on the contained link. They read:

"Hello friend ! You have just received a screensaver from someone who really cares about you! This is a part of the message:

'Hi there! It has been a very long time since I haven’t heared anything from you! I hope you enjoy this gift from me that i’ve sent with love …

'I’ve just found out about this service from Sharon, a friend of mine who also told me that…' If you’d like to see the rest of the message click here to receive your 3d live Dolphins."


According to security researchers from Belgian email security provider MX Lab, the included link leads to a gift.pif file hosted on what is most likely a compromised website.

The PIF format is not actually meant to contain executable code, but Windows treats it as such and because of this it has historically been abused to hide malware.

More details - link
 

Chiron

Level 1
Feb 24, 2011
250
I thought freeze.com sounded familiar.

Check out the WOT report:
http://www.mywot.com/en/scorecard/www.freeze.com

I used to go here specifically looking for malware. :sleepy:

Sorry to see other people are doing it on accident. :s
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top