An new round of malicious e-greeting card spam is landing in in-boxes. It usually has the subject line “You’ve received a postcard from a family member!”

Whatever you do, do not open these spam emails, and do not click on the links.

If you do, you will be taken to a malicious web site that will attempt to install a variant of the Storm Trojan horse.

“Today’s greeting-card gambit tries a trio of exploits, moving on to the second if the machine is not vulnerable to the first, then on to the third if necessary. The first is an exploit against a QuickTime vulnerability; the second is an attack on the popular WinZip compression utility; and the third, dubbed “the Hail Mary” by the ISC, is an exploit for the WebViewFolderIcon vulnerability in Windows that Microsoft Corp. patched last October.”

Source: ComputerWorld

This demonstrates the importance of updating all software to the latest versions. In this case, QuickTime WinZip and Windows are the targets. Users who have updated to the latest versions are protected.

And of course, it demonstrates the importance of being suspicious of all email that lands in your inbox.

Posted on Saturday, June 30th, 2007 at 10:38 AM and filed under Email Security, Exploits, Malware, Scams. You can follow any responses to this post through the RSS 2.0 feed. You can leave a comment, or you may trackback from your own site.