Over the last few weeks, we've seen tons of
ecard.exe spam, where fake greeting card
mails have been spammed out.
The
messages have not contained an attachment, but
just links to web sites that offer a download of
one ecard.exe to your machine.
Since
last night, the messages have changed. You still
get the normal greeting card spam:
But when you follow the link, the
web site now talks about the need for you to
install "Microsoft Data Access" to your
computer. Conveniently, they have it available for
download, for free.
Of course, the downloaded file
msdataaccess.exe turns out to be the gift
that keeps on giving. Avoid it like the plague.
In general, it's a
bad idea to follow such unsolicited links
from e-mail. Don't even try the above URL just for
fun. For example, if you access the page with an
outdated version of Firefox or IE, the page will
render with a nasty exploit code that will try to
infect your computer immediately. Opera doesn't
seem to be targeted at the moment.
This
operation is apparently the work of the same gang
that did the original
"Storm worm"
run in January 2007.
We detect the
latest variants as
Email-Worm.Win32.Zhelatin.gg.