Fake greetings cards are a common way of spreading trojans, and this latest Fake Bluemountain.com Email is a case in point.
The message looks similar to the following one:
In fact, the links actually lead to bluemountains.kokocards.com (do not visit this site). A more detailed writeup can be found here.
BlueMountains Greetings <greetings@BlueMountain.com>
You just received an Electronic Greeting.
you just received an electronic greeting from a
To view your eCard, please click
on the following link :
(Your postcard will be available for 60 days.)
have any comments or questions, please visit http://www.bluemountain.com/customer/emailus.pd?source=bma999
for using BlueMountain.com.
There's very little need to accept this type of "greetings card" into corporate environments, and this seems to be a common vector for malware attacks.
If you use Postini, you can create a custom content filter:
- Select Match Any
- Sender | contains | bluemountain.com
- Body | contains | kokocards.com
- Body | contains | bluemountain.com
- Set message disposition to Quarantine Redirect
- Don't forget to copy it to sub-orgs if you need to!