14 DAY TRIAL // Security researchers warn about a new wave of fake emails purporting to come from Hallmark, which try to pass a computer trojan as a Christmas card.
According to Belgian email security vendor MX Lab, the emails began circulating last week and have a subject of "1st Christmas Card."
Their header is spoofed to appear as if they originate from [email protected] and they are using a Hallmark email template that mimics the look of the company's website.
The message is accompanied by the image of two animated beavers, and reads:
"FIRST CHRISTMAS GREETING You have been chosen to receive the blessing of the Snow Fairy.
The Snow Fairy can bring you good fortune for one whole year.
May YOU be blessed by her good deeds…..
You must pass the Snow Fairy to 7 people within 60 seconds to receive your one year blessing…. HURRY!"
The message suggests the attackers don't only spread these fake emails on their own, but also try to socially engineer recipients to do it for them.
The emails carry an attached archive file called SnowFairy.zip, which contains a 610 kB-large SnowFairy.exe executable.
The file is a trojan which, fortunately, has a relatively high AV detection rate according to Virus Total. Given the names listed by AV vendors for this threat, the trojan's purpose is to download scareware programs.
E-cards have always been popular around holidays and Hallmark is one of the most renowned greeting cards providers on the Internet.
Because of this, fake emails purporting to come from the company have been used as a method of spreading malware for years, and with the winter holidays approaching, their number is only expected to increase.
"With the end of the year in sight we could expect that this kind of threats was going to emerge," the MX Lab researchers write.
