Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Not a “Halmark” Greetings Card

Since this is my second post on the Commtouch blog I have added a brief intro – I have been working in the antivirus industry since 2004. I’ve served as an Escalation Anti-Virus Engineer at Trend Micro, Inc., a Senior Anti-Malware Analyst at F-Secure, Inc., and currently work as a Computer Virus Analyst at Commtouch, in the Antivirus Division (previously Authentium) – now on to the post…

With the holiday season just around the corner, we were not surprised to receive some greeting card emails. Viewing the “from address” of the email as shown below gives a hint that it’s truly spam. The email is from “Halmark Greetings”? – “Halmark” with a single ‘L’? The correct spelling is, of course, ‘Hallmark’ (the largest manufacturer of greeting cards in the United States).
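The single-‘L’ misspelling in the sender name is the kind of near miss a mail filter can test for. The following is an added example, not part of the original post: it flags From display names that are within one edit of a watched brand name. The watchlist, function names and sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr
import re

# Assumed watchlist of brand names to protect; extend for your environment.
BRANDS = ["hallmark"]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def lookalike_brand(from_header: str, max_dist: int = 1):
    """Return (token, brand) if a display-name word is a near miss of a
    watched brand, else None. An exact match is not flagged here: that
    case needs a sender-domain check, which is outside this example."""
    display, _addr = parseaddr(from_header)
    for token in re.findall(r"[a-z]+", display.lower()):
        for brand in BRANDS:
            # Skip short tokens, where distance 1 would hit ordinary words.
            if len(token) >= 5 and 0 < edit_distance(token, brand) <= max_dist:
                return token, brand
    return None

# Constructed sample headers (addresses are placeholders, not from the post).
SAMPLES = [
    '"Halmark Greetings" <cards@example.test>',
    '"Hallmark Greetings" <cards@example.test>',
    '"Holiday Greetings" <friend@example.test>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", lookalike_brand(header))
```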

Clicking the link takes recipients to a site that looks like this:

We analyzed the website and found the code obfuscated.

De-obfuscating the code shows the real intention of the attacker – downloading and executing malware through exploits. The malware exploits a range of vulnerabilities in RealPlayer, Java, Flash Player and Adobe Reader.

Following a successful exploit, the software may download and execute malware from the following links (Command Antivirus detection is listed on the right):

  • hxxp://122..72/b/ctyvytasbljuxle.jar – Java/ByteVerify.F
  • hxxp://122..72/b/bwcucwatjtfo4.swf – SWF/Expl.H
  • hxxp://122..72/b/kub.php?i=2 – W32/Poison.U
  • hxxp://122..72/b/kub.php?i=7&&&&& – W32/Poison.U
  • hxxp://122..72/b/dqjmymytbvyzj9.pdf – PDF/Expl.IK
  • hxxp://122..72/b/jvkzfnxlgnfz.pdf – PDF/Expl.IL

Attackers will surely use this opportunity to spread malware, so don’t fall for these emails as the holidays approach.

Happy Holidays!