ecard.exe now becomes msdataaccess.exe
Most of you might have got fake greeting card spam mails, with a link to download ecard. On clicking this link, you will be presented with few trojans and also advised to download and install
ecard.exeto view the ecard. But now, the gang behind this malware have changed their trojan dropper's name to
ecard.exe! Similar to the old
ecard.exevariant, this new one installs malware such as
Here's a screnshot of rooted files related to
And, here's the screenshot of SSDT hook installed by the rootkit:
And lastly, I came across this ecard spam mail (Do NOT visit the link given below!):
Partner() has created Holiday ecard for you"
To see your custom Holiday ecard, simply click on the following Internet address (if your mail program doesn't support this feature you will need to COPY and PASTE the address into your browser's address box):
Send a FREE greeting card from bristos.com whenever you want by visiting us at:
This service is provided and hosted by bristos.com.
And, that link opens up this page:
Yes! We are waiting for the contents to be uploaded by the Admins ;)