A run of spam this weekend looks something like this:
From: Martha [fake email address]
Sent: Monday, June 16, 2008 2:56 PM
To:
Subject: Martha sent you a endeny(d0t)hk! Greeting
Surprise! You’ve just received a endeny(d0t)hk! Greeting from from “Martha” [fake email address]
To view this greeting card, click on the following Web address at anytime within the next 30 days.
[malware link]
Enjoy!
The endeny(d0t)hk! Greetings Team
[endeny(d0t)hk is a live exploit site. Do not visit it unless in a virtual machine, etc.]
If you click on the link, you get to a website which attempts to exploit your system (the one we analyzed uses the now-patched ANI cursor exploit). A link is also provided on the web page to download the malware yourself.
It’s a new technique that one group is using to deploy the “Storm Worm” P2P botnet.
Alex Eckelberry
(thanks to Adam Thomas for his research help on this)