Fake greetings cards are a common way of spreading trojans, and this latest Fake Bluemountain.com Email is a case in point.
The message looks similar to the following one:
In fact, the links actually lead to bluemountains.kokocards.com (do not visit this site). A more detailed writeup can be found here.From:
BlueMountains Greetings <greetings@BlueMountain.com>
Subject:
You just received an Electronic Greeting.
Hello,
you just received an electronic greeting from a
friend !
To view your eCard, please click
on the following link :
http://www.bluemountain.com/view.pd?i=164213761&m=2435&rr=z&source=bma999
(Your postcard will be available for 60 days.)
If you
have any comments or questions, please visit http://www.bluemountain.com/customer/emailus.pd?source=bma999
Thanks
for using BlueMountain.com.
There's very little need to accept this type of "greetings card" into corporate environments, and this seems to be a common vector for malware attacks.
If you use Postini, you can create a custom content filter:
- Select Match Any
- Sender | contains | bluemountain.com
- Body | contains | kokocards.com
- Body | contains | bluemountain.com
- Set message disposition to Quarantine Redirect
- Don't forget to copy it to sub-orgs if you need to!
No comments:
Post a Comment