Watch out for fake e-card New Years wishes and greetings

[Wiz Feinberg]

There is a new round of fake e-card season's greetings making the rounds. These spam messages contain links that purport to be to e-cards from friends or admirers. But, they actually lead to exploit pages that attack vulnerable versions of Adobe Flash, Apple Quicktime, Oracle Java, or other scripting weaknesses that you haven't patched.

Ironically, this new round of e-card spam is being sent from a new variation of the old and dead Storm Botnet, which was replaced with the now-slain Waledac Botnet. We can call this Storm 3.0 I guess. It is just as deadly, if not more so that the old Storm was.

Note: I have seen these spam messages mostly on my throwaway Hotmail accounts, rather than my own domains. If you are a Yahoo or Hotmail user you will probably get a bunch of these scams. Delete them.

Note #2: You can tell whether a link in an email goes to where it claims to, by hovering your pointer over the link, without clicking on it. The actual destination URL and domain will be displayed in the email status bar. If you use a browser to read email, make sure that the Status Bar is enabled!

So, if an e-card link says it goes to 123e-cards.com, but hovering over it shows something like 123e-cards.wuier2456t.com it is a fake. If it shows a numeric IP address destination, delete it instantly! All numeric IP links are Botnetted PC destinations.