April 26, 2011

Malicious E-Cards on the prowl


Emails disguised as electronic cards have been used as bait over and over again for malicious intent. The fact that they are overused is a clear indicator that this lure indeed works.  Websense Security Labs™ and the Websense ThreatSeeker® Network recently came across an e-card themed email.  Our customers are protected from this threat by ACE, ourAdvanced Classification Engine

Let us first look at the sample email.  The URLs used in the emails are either compromised sites or were only created barely two weeks ago. 

Screen shot 1 : Sample email that the Websense Email Threat Team got hold of recently

Clicking the URL withing the email directs you to a site containing obfuscated code similar to the one shown on Screen shot 2. This code then creates an iframe containing another URL  which you can see on Screen shot 3. 

Screen shot 2 : Obfuscated code of the URL that came with the email

Screen shot 3 : Deobfuscated code of the URL from the email. 


The contents of the URL specified in the iframe contains another obfuscated script.  This script, which uses a strikingly similar redirection code in our recent blog, in turn drops the exploit code and runs a rogue AV on the victim's machine.


Screen shot 4 : Code snippet of the URL specified in the iframe used in redirection


Having the victim click on the link and then download an executable is usually the norm on these type of attacks. However, in this case, victims are exploited, and malware is downloaded and executed simply by clicking the URL link that came with the email.


Screen shot 5 : Snapshot of the malicious website used in the email


Websense Email Security and Websense Web Security protect against these kinds of blended attacks.


Forcepoint-authored blog posts are based on discussions with customers and additional research by our content teams.

Read more articles by Forcepoint

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.