Chinese Internet Security Response Team (GMT +0800)

Zhelatin.pe, Christmas Greeting Ecards

[Posted on: December 24, 2007 13:59 | Category: Worm | by: smallmo]

We have received a new variant of Email-Worm.Win32.Zhelatin: Zhelatin.pe.

It masquerades as a Christmas greeting e-card. Please be careful.

The spam messages look like this:

Subject: Hello, you just got a Merry Christmas Greeting Ecards

Body: (screenshot of the message body in the original post)

When a user clicks the link in the mail, the browser is redirected to the following URL:
http://www.americangreetings.b719.cn/<removed>.htm

The page then asks the user to download and install "Adobe Flash Player".


Is this really Adobe Flash Player from Adobe? Of course not. Let's look at its real URL.


If the user agrees to install this fake Adobe Flash Player, a .cab file is downloaded from americangreetings.b719.cn.

The .cab file contains two files.


"update.exe", 48,821 bytes, MD5 hash: c660b319f5bf18bf4dfc6c5e6a6150ca.
Kaspersky detects it as Email-Worm.Win32.Zhelatin.pe.

We suggest that administrators block this domain: americangreetings.b719.cn

Update, 5:50 p.m., Dec. 24, 2007:

We have found another domain, americangreetings.846123.cn; please block this domain as well.
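A defender-side check built from the indicators in this post, added here as an example and not part of the original advisory: it scans proxy log lines for the two domains (matching subdomains such as www.americangreetings.b719.cn but not the parent b719.cn), separates clients that only viewed the lure page from those that actually fetched the .cab, and compares a recovered file against the published size and MD5 of update.exe. The log format and the sample lines are constructed; the /REDACTED.htm and /flash/install.cab paths are placeholders, since the post redacts the real path and does not name the .cab.

```python
import hashlib
import re

# Indicators taken from the advisory: the two lure/download domains and the
# size and MD5 of the dropped update.exe.
BLOCKED_DOMAINS = {
    "americangreetings.b719.cn",
    "americangreetings.846123.cn",
}
UPDATE_EXE_SIZE = 48821
UPDATE_EXE_MD5 = "c660b319f5bf18bf4dfc6c5e6a6150ca"

# Constructed sample proxy log in a hypothetical
# "timestamp client method url status" format. The /REDACTED.htm and
# /flash/install.cab paths are placeholders, not paths from the advisory.
SAMPLE_PROXY_LOG = """\
2007-12-24T13:10:02 10.0.0.12 GET http://www.americangreetings.b719.cn/REDACTED.htm 200
2007-12-24T13:10:05 10.0.0.12 GET http://americangreetings.b719.cn/flash/install.cab 200
2007-12-24T13:11:40 10.0.0.33 GET http://greetings.example.com/card.htm 200
2007-12-24T13:12:01 10.0.0.45 GET http://americangreetings.846123.cn/REDACTED.htm 200
2007-12-24T13:12:30 10.0.0.45 GET http://www.example.org/index.html 200
"""

URL_HOST_RE = re.compile(r"^https?://([^/\s:]+)", re.IGNORECASE)


def host_of(url):
    """Return the lower-cased host part of an http(s) URL, or '' if none."""
    m = URL_HOST_RE.match(url)
    return m.group(1).lower() if m else ""


def is_blocked_host(host):
    """Match the domain itself or any subdomain (e.g. www.americangreetings.b719.cn),
    but not a parent such as b719.cn."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def scan_proxy_log(text):
    """Return one dict per request to a blocked domain, flagging .cab downloads
    (the stage where the fake Flash Player installer is actually fetched)."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed or empty lines
        ts, client, _method, url, _status = fields[:5]
        host = host_of(url)
        if is_blocked_host(host):
            hits.append({
                "time": ts,
                "client": client,
                "host": host,
                "url": url,
                "cab_download": url.lower().split("?", 1)[0].endswith(".cab"),
            })
    return hits


def clients_with_payload(hits):
    """Clients that went beyond the lure page and fetched the .cab; these are
    the machines to pull for inspection first."""
    return sorted({h["client"] for h in hits if h["cab_download"]})


def matches_update_exe(data):
    """Compare a recovered file with the size and MD5 published in the advisory."""
    return len(data) == UPDATE_EXE_SIZE and hashlib.md5(data).hexdigest() == UPDATE_EXE_MD5


if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_PROXY_LOG)
    for h in found:
        stage = "payload download" if h["cab_download"] else "lure page"
        print(f"{h['time']} {h['client']} -> {h['host']} ({stage})")
    print("clients to inspect:", clients_with_payload(found))
```

The suffix match is deliberate: a hit on a lookalike subdomain still counts, while a different site under the same registrar-level parent does not. Clients that only reached the .htm lure were shown the fake installer prompt; clients that fetched the .cab should be treated as possibly infected and have their dropped update.exe compared against the published hash.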

Last modified by smallmo on December 24, 2007 17:39