Bad tidings as spam spreads malware

SophosLabs are intercepting a major new malicious spam campaign which is disguising itself as a greeting card from “someone who cares about you”.

Malicious greeting card message

The messages, which have been sent to email addresses around the globe, typically read similar to the following:

Good afternoon,
You have just received a postcard Greeting from someone who cares about you..

Sign up to our free newsletter.
Security news, advice, and tips.

Please find zip file with your Greeting Card attached to this mail!

Thank you for using services !!!
Please take this opportunity to let your friends hear about us by sending them a postcard from our collection !

The messages come complete with an attached ZIP file ( which contains a malicious payload, designed to infect Windows computers.

Subjects used in malicious Greeting Card campaign

Subject lines being used in the campaign vary somewhat, but here are a few:

You have a new Greeting !!!

New Greeting for you!

Hey, you have a new Greeting !!

You've received a greeting from a family member!

Some of the subject lines also feature women’s names, which may be intended to make the emails more believable.

As you have hopefully twigged by now, opening the attached ZIP file is not to be recommended. Sophos products identify the ZIP file as Mal/BredoZp-B and the enclosed malware as Troj/Agent-NMP.

Maybe if people weren’t so quick to believe everything they read in their email attacks like this wouldn’t work. I guess it’s only human to hope that someone out there really cares about us – but in this case, it’s just a social engineering ruse to trick you into opening a dangerous attachment.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.