Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Not a “Halmark” Greetings Card

Since this is my second post on the Commtouch blog I have added a brief intro – I have been working in the antivirus industry since 2004. I’ve served as an Escalation Anti-Virus Engineer at Trend Micro, Inc., a Senior Anti-Malware Analyst at F-Secure, Inc., and currently work as a Computer Virus Analyst at Commtouch, in the Antivirus Division (previously Authentium) – now on to the post…

With the holiday season just around the corner, we were not surprised to receive some greeting card emails. The “from address” of the email, as shown below, gives a hint that it’s truly spam: the email is from “Halmark Greetings”, that is, “Halmark” with a single ‘L’. The correct spelling is of course “Hallmark” (the largest manufacturer of greeting cards in the United States).
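A mail filter can check for this kind of misspelled sender name automatically. The following is an added example, not code from the original post: it flags From: display names that are a near miss of a watched brand name, and the watch-list, sender domains and sample headers in it are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed watch-list: brand name -> domains it legitimately sends from.
# Very short brand names need a smaller max_dist to avoid false positives.
BRANDS = {"hallmark": {"hallmark.com"}}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # delete from a
                           cur[j - 1] + 1,            # insert into a
                           prev[j - 1] + (ca != cb))) # substitute
        prev = cur
    return prev[-1]

def check_from(header: str, max_dist: int = 2):
    """Classify a From: header value as (verdict, brand).

    'lookalike': a display-name word is a near miss of a brand name
    'spoofed'  : exact brand name, but the sender domain is not the brand's
    'ok'       : no brand reference, or brand name with a matching domain
    """
    name, addr = parseaddr(header)
    domain = addr.rpartition("@")[2].lower()
    # Split the display name into lowercase alphanumeric words.
    words = "".join(c if c.isalnum() else " " for c in name.lower()).split()
    for brand, domains in BRANDS.items():
        trusted = any(domain == d or domain.endswith("." + d) for d in domains)
        for word in words:
            dist = edit_distance(word, brand)
            if dist == 0 and not trusted:
                return ("spoofed", brand)
            if 0 < dist <= max_dist:
                return ("lookalike", brand)
    return ("ok", None)

# Constructed sample headers; the addresses are placeholders, not campaign data.
SAMPLES = [
    '"Halmark Greetings" <cards@example.net>',
    '"Hallmark Greetings" <cards@example.net>',
    '"Hallmark eCards" <noreply@mail.hallmark.com>',
    '"Alice Example" <alice@example.org>',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_from(sample), sample)
```
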

Clicking the link takes recipients to a site that looks like this:

We analyzed the website and found the code obfuscated.

De-obfuscating the code shows the real intention of the attacker – downloading and executing malware through exploits. The malware exploits a range of vulnerabilities in RealPlayer, Java, Flash Player and Adobe Reader.

Following a successful exploit, the software may download and execute malware from the following links (the Command Antivirus detection is listed on the right):

  • hxxp://122..72/b/ctyvytasbljuxle.jar – Java/ByteVerify.F
  • hxxp://122..72/b/bwcucwatjtfo4.swf – SWF/Expl.H
  • hxxp://122..72/b/kub.php?i=2 – W32/Poison.U
  • hxxp://122..72/b/kub.php?i=7&&&&& – W32/Poison.U
  • hxxp://122..72/b/dqjmymytbvyzj9.pdf – PDF/Expl.IK
  • hxxp://122..72/b/jvkzfnxlgnfz.pdf – PDF/Expl.IL

Attackers will surely use this opportunity to spread malware, so don’t fall for these emails as the holidays approach.

Happy Holidays!
