Here's the Rub: Greeting Card is a Trojan

Beware of strangers sending greeting cards. The latest batch of malicious spam claims that "Sender at 'Nikol' sent you an 'e-card'". Those who try to view the card are instructed to download a special viewer. According to AusCert, what gets downloaded is a variant of the Haxdoor Trojan, which F-Secure describes as "a powerful backdoor with rootkit capabilities." Many variants of Haxdoor specifically target banking credentials, meaning it could be your wallet - and not just your computer - at stake.

The greeting card email uses fictitious From addresses such as 'Oviparous G. Pups', 'Janus M. Abnormality', 'Stieglitz M. Armorer' and other made-up names. The body of the greeting card email reads as follows:

Dear recipient !

Sender at 'Nikol' sent you an "e-card"
"Here's the Rub" from 'greeting-cards'.

Click_here_to_view_the_"e-card".

This "ecard" will be stored for one week, so
print or save the card as soon as possible.

Hope you enjoy our "e-cards"! Spread the love and send one of our "e-cards"!

Brought to you by 'greeting cards' - a better way to greet!

If you downloaded the file associated with this malicious greeting card, be advised that the rootkit capabilities included with Haxdoor may make it difficult for some antivirus to detect. Check out "Rootkits Revealed" to learn more about the implications of rootkits and how to detect rootkit-enabled threats.

It's never a good idea to click links in email received from strangers, or to open attachments in email received unexpectedly. In fact, even if you think you know the sender, check with them first to see if they really sent the email. But don't just hit 'reply' to verify. Email them by composing a separate email, using the address you have in your address book - not the one in the email you received. Be especially wary of greeting cards - delete any from folks you don't know and follow the same rules outlined for email attachments if you think you do know them.