Our spamtraps are receiving yet another Pushdo spam attack today. The campaign is similar to previous ones but uses a "greeting ecards" theme. Here are some details:
The Spam Message:
The message uses the subject line "You've received a greeting ecard" and carries a .ZIP file attachment. The .ZIP file contains a downloader executable.
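A mail-gateway style check for the delivery pattern described above (an executable inside a .ZIP attachment, combined with the campaign's subject line), added here as an example and not taken from MailMarshal or SpamCensor. The extension list, the function names and the constructed sample message with its `ecard.zip` attachment are assumptions made for the illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as directly executable on Windows (assumed list, not from the post).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")
CAMPAIGN_SUBJECT = "you've received a greeting ecard"  # subject line quoted in the post

def executables_in_zip_attachments(raw_message: bytes) -> list[str]:
    """Return 'attachment!member' for every executable inside a .zip attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(EXECUTABLE_EXTS):
                        hits.append(f"{name}!{member}")
        except zipfile.BadZipFile:
            # Unreadable data behind a .zip name is itself worth flagging.
            hits.append(f"{name}!<unreadable archive>")
    return hits

def classify(raw_message: bytes) -> str:
    """Gateway verdict: quarantine any zipped executable, tagging the ecard theme."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    hits = executables_in_zip_attachments(raw_message)
    if hits and subject == CAMPAIGN_SUBJECT:
        return "quarantine: matches ecard campaign"
    if hits:
        return "quarantine: executable in zip"
    return "deliver"

def build_sample(subject: str, member: str) -> bytes:
    """Constructed test message: a ZIP holding one harmless placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes, not a real program")
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("You have an ecard waiting.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="ecard.zip")
    return m.as_bytes()
```

The check does not descend into nested archives or password-protected ZIPs; a production filter would need to handle both.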
The Payload:
When the attached file is executed, it sends a GET request to unionstrateg.ru and attempts to download a scareware installer named "install-1557.exe".
After a successful download, "Privacy Center", a fake antivirus scareware product, is installed.
MailMarshal customers are protected against these campaigns with SpamCensor version 340.