Malicious ECard trojan using the MPACK malware hosting kit (AUSCERT#200701978)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings all,

We've just issued the following alert:

AL-2007.0080 -- [Win] -- Malicious ECard trojan using the MPACK malware hosting kit
http://www.auscert.org.au/7802

due to the number of reports we are getting and the fact that it seems to (currently) be hitting Australia.

The spam email contains links to one of the following sites:

orionfinanceinc,org
orionfinanceinc,net
orionfinanceinc,com
orionfinanceinc,info
bristolantiquesale,com
bristolcollections,com
orionfinanceinc,net
orionfinanceinc,info
orionfinanceinc,com
orionfinanceinc,org
bristolantiquesale,com
bristolcollections,com
www.bristolcollections,com

All these sites linked to malware being hosted on the web site:

http://bettarchilli.com/...

This has since been moved to:

hxxp://bawazeerest,com/

The Trojan email has a subject line of one of the following variations:

"I SENT YOU AN ECARD FROM AMERICANGREETINGS.COM"

An example of the message body is:

To view your eCard, choose from the options below.

Click on the following link.

http://www.americangreetings.com/ecards/view#pd?i=439899392&m=2157&rr=y&source=ag999

Or copy and paste the above link into your web browser's "address" window.

If you have any comments or questions, please visit
http://www.americangreetings.com/help/index.pd?source=ag999

Thanks for using AmericanGreetings

This Trojan uses a kit similar to the "MPACK" malware hosting kit used in recent attacks in Europe.

Might be worth looking for flow/connections to the above sites.

Any feedback greatly appreciated of course.
Best regards,

- --
Matthew McGlashan -- Coordination Centre Team Leader | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct: +61 7 3365 7924
(AusCERT) | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
Qld 4072 Australia | Email: auscert(a)auscert.org.au

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
Comment: http://www.auscert.org.au/render.html?it=1967
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRoipTih9+71yA2DNAQLV6QP/Xe2bKHXi8lL5L4+kRxjkSCl9oW3tqP2F
StHnvtoMB6UhJCSiuql2elonDnyWZZehH9GZ5Wz3y1I3lxSrzZRUCdkzZaF2tICI
Or4O71SBLcylck0hgQctaqr9uSI5siz560vr70BwXEfRxZ1pFoJHLlJIBGiG3sW3
7gqG1OzvX4Q=
=d9qk
-----END PGP SIGNATURE-----
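Added example, not part of the AusCERT alert above: one way to act on the suggestion to look for connections to the listed sites is to re-fang the defanged indicators (the alert writes "," for "." and "hxxp://" for "http://"), build a hostname watchlist, and run proxy logs through it with a suffix match so that subdomains of a listed domain (e.g. a hypothetical cdn.bristolcollections.com) are caught while look-alike suffixes (a listed domain appearing as a prefix of some other host) are not. The proxy log lines below are constructed for the example in Squid's native access.log layout; they are not real traffic, and the client IPs and paths are invented.

```python
import re
from urllib.parse import urlsplit

# Indicator domains exactly as listed in the alert (defanged: "," for ".").
RAW_INDICATORS = [
    "orionfinanceinc,org", "orionfinanceinc,net", "orionfinanceinc,com",
    "orionfinanceinc,info", "bristolantiquesale,com", "bristolcollections,com",
    "www.bristolcollections,com", "http://bettarchilli.com/...",
    "hxxp://bawazeerest,com/",
]


def refang(indicator):
    """Turn a defanged indicator ("example,com", "hxxp://x,y/") into a bare hostname."""
    d = indicator.strip().lower()
    d = re.sub(r"^hxxps?://|^https?://", "", d)  # drop (defanged) scheme
    d = d.split("/")[0]                           # drop any path
    return d.replace(",", ".")


def build_watchlist(indicators):
    """Set of hostnames to match; a 'www.' entry also covers the apex domain."""
    out = set()
    for ind in indicators:
        host = refang(ind)
        out.add(host)
        if host.startswith("www."):
            out.add(host[4:])
    return out


WATCHLIST = build_watchlist(RAW_INDICATORS)


def host_matches(host, watchlist):
    """Return the watchlist entry that `host` equals or is a subdomain of, else None.

    Matching on label boundaries means 'cdn.bristolcollections.com' matches
    'bristolcollections.com', but 'bawazeerest.com.example.net' does not match
    'bawazeerest.com' (it only *contains* the string).
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


# Constructed sample lines in Squid native access.log format (assumption for
# the example): time elapsed client action/code size method URL ident hier type
SAMPLE_PROXY_LOG = """\
1183000001.123  45 10.1.2.3 TCP_MISS/200 5123 GET http://orionfinanceinc.net/index.php - DIRECT/192.0.2.10 text/html
1183000002.456  12 10.1.2.3 TCP_MISS/200 812 GET http://bettarchilli.com/... - DIRECT/192.0.2.11 application/octet-stream
1183000003.789  30 10.1.2.9 TCP_MISS/200 20000 GET http://www.americangreetings.com/ecards/view - DIRECT/198.51.100.5 text/html
1183000004.000  22 10.1.2.7 TCP_MISS/200 9000 GET http://cdn.bristolcollections.com/e.js - DIRECT/192.0.2.12 text/javascript
1183000005.000  22 10.1.2.7 TCP_MISS/200 9000 GET http://bawazeerest.com.example.net/ - DIRECT/203.0.113.9 text/html
"""


def scan_proxy_log(log_text, watchlist):
    """Yield (client_ip, requested_host, matched_indicator) for each hit."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line; skip rather than crash
        client, url = fields[2], fields[6]
        host = urlsplit(url).hostname or ""
        matched = host_matches(host, watchlist)
        if matched:
            hits.append((client, host, matched))
    return hits


if __name__ == "__main__":
    for client, host, ind in scan_proxy_log(SAMPLE_PROXY_LOG, WATCHLIST):
        print(f"{client} -> {host}  (matches indicator {ind})")
```

Running the block reports the two internal clients that reached listed hosts and ignores the americangreetings.com decoy link and the look-alike suffix; feeding it a real Squid access.log instead of SAMPLE_PROXY_LOG is the only change needed. Because the alert notes the payload host has already moved once, treat the watchlist as a starting point and re-check the source for updates rather than relying on it as a fixed block list.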