Published: June 11 2009, 03:56 AM
by Ricardo Robielos III

A new Email is circulating disguising itself as a legitimate email from Twitter, Hi5, Amazon and Hallmark. This email has an attachment containing a mass mailing worm and also has the capability to propagate via Peer to Peer (P2P) application such as Limewire, Tesla, WinMX, FrostWire and Grokster. We detect this mass mailing worm as Win32/Fruspam variant.

Sample Emails are the following:

Twitter Email

From: invitations@twitter.com
Subject: Your friend invited you to twitter!
Attachment: Invitation Card.zip

Hi5 Email

From: invitations@hi5.com
Subject: Jessica would like to be your friend on hi5!
Attachment: Invitation Card.zip

 
Amazon Email

From: order-update@amazon.com
Subject: Shipping update for your Amazon.com order 254-78546325-658742
Attachment: Shipping documents.zip

Hallmark Email

From: e-cards@hallmark.com
Subject: You have received A Hallmark E-Card!
Attachment: Postcard.zip

It also downloads images from the following legitimate websites (Twitter.com, hi5.com, amazon.com and hallmark.com) and uses the images to construct the spam email.

We advise users to beware of these kinds of emails and ensure that your CA Security Products are using the latest signatures.

Share this post:  Email

Share