Crooks are using e-cards that appear to come from a secret admirer in a
scam to collect sensitive personal information, a security expert has

Data including credit card numbers, online
banking credentials, and login names and passwords of thousands of
individuals from Australia and the US has already been collected in the
scam, Roger Thompson, chief technology officer at security software
maker Exploit Prevention Labs, said in an interview on Wednesday.
The attacks involve email messages that at first glance appear to be
greeting cards from services such as Blue Mountain or Yahoo!, Thompson
said. Clicking on the link to view the card, however, first sends the
target to a malicious website that tries to silently install keylogger
software, he said. After that the card is displayed.
He said: "It is really quick, nobody notices it. Unless you actually
look at the source of the email and say, 'hang on, this is a redirect',
you wouldn't actually see it."
Miscreants use a flaw in Microsoft's Windows operating system to drop
the spy software and a rootkit to hide it on PCs, Thompson said.
Windows users who have installed the MS06-014 patch, released in May,
are not vulnerable to this particular silent drive-by installation of

The attacks appear to have
started in April with a new wave of malicious email messages sent out
every week. Each week the attackers appear to collect a 200MB file with
freshly captured information from a server, Thompson said. He was able
to identify the server and reported the matter to Australian and US
authorities, he said.
So far, Exploit Prevention Labs has been able to identify that
customers at nearly every Australian bank were compromised, it said in
a statement. The cyber crooks have also targeted individuals in Asia,
Europe and North America using a variety of e-card services, the

Joris Evers writes for CNET News.com