14 DAY TRIAL // A new spam campaign generates fake emails claiming to contain e-cards from French hypermarket chain Carrefour that in reality direct users to malware.
According to security researchers from Belgian email security vendor MX Lab, even though the spam emails have a subject of "You’ve received A Carrefour Bank E-Card!" and purport to come from a [email protected] address, they bear branding of Hallmark, a well known source of quality e-cards.
The email message reads: "Hello! You have just received a Carrefour E-Card. To see it, click here. There’s something special about that E-Card feeling. We invite you to make a friend’s day and send one. Hope to see you soon, Your friends at Carrefour."
There is no malicious attachment, but the "click here" link takes users to a file called Carrefour.exe hosted on an external website. According to a Virus Total scan report, the file is a variant of the notorious Sality virus.
Fortunately, the file already has a good antivirus detection rate and the spam messages are not very well constructed. Linking directly to an .exe file in an email should render it suspicious to any respectable anti-spam filter.
At the time of writing this article the link included in the email is no longer functional, probably a result of takedown efforts by the security community, however, spammers could launch a new wave of with a new link at any time.
Users are advised to exercise caution regarding all email attachments and links even when it appears they were sent by a trusted party. All files should be scanned with a multi-engine service like Virus Total in order to check if they are infected.
The e-card lure has been in use for years, especially around holidays. Despite security experts warning against running executable files which claim to be greeting cards there are enough users that still get infected from such attacks.