A day before Thanksgiving, as I was doing my work, I came across a sample (SHA1: b9b52db22d35c50081054d4ece39f520ae3ef9fe) from a customer submission, with the usual “ecard.exe” filename. It has an image icon but an .EXE extension, a clear sign of malicious intent.
As I further investigated the sample, it displayed the following greeting:
Note: the message displayed is from a valid electronic greetings website.
I just realized that my first Thanksgiving greeting this year was from a piece of malware.
Thanks for the greetings Rebhip… but no thanks! My Thanksgiving tomorrow will be better without you.
Elda Dimakiling, MMPC Dublin