joewein.de LLC
Fighting spam and scams
on the Internet

Home / Blog / About us
Spam
419/Nigeria
Online fraud
jwSpamSpy
Contact

Email Spam Filter:
jwSpamSpy
Try it for free!

Google
 

Trojans and fake greeting cards

In our spamfeed we regularly come across fake greeting cards in either English or Portuguese that attempt to install some Trojan horse software on the recipient's computer via links to executable files. Often the websites the cards link to also attempt to run ActiveX code embedded on the sites or on linked sites.

This allows third parties to gain control over their computers and use them sending spam and other criminals activities.

Here is an example:

Dear spamtrapaddress,

You have just received a virtual postcard! Your ecard has been sent to Angelika at ovom@terra.es


123Greetings CO is all about touching lives, bridging distances, healing rifts and building bonds. We have a gallery of ecards for almost every occasion of life. Express yourself to your friends and family by sending free ecards from our site with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.

options:

------- OPTION -------

To pickup your card and see the sender, please click on the following Internet address:

http://www.123greetings.com/view/Ho0A9788250870171

-------------------------

Your ecard number is i7us5998782063142

If you need help in viewing your ecards or any other assistance, please visit our Help/ FAQ section located at http://www.123greetings.com/help/


Best wishes, Angelika

Postmaster, 123Greetings.com

*If you would like to send someone an ecard, you can do so at http://www.123greetings.com

-------------------------
sender-ip: 83.23.36.224
The first link leads to a site called http://www.artcreative.com.br/. The second leads to http://www.linkmagazine.ro/img/, which opens a browser window with http://www.opinionabierta.cl/images/index.php?c=1, a hacked website in Chile that attempts to run ActiveX code and prompts you to let it download and run an executable file.