«

Haven't seen one of these in a while, especially one so obvious:

[begin quote, including local SpamPal process]

Return-path: <>
Envelope-to:
Delivery-date: Wed, 13 Aug 2008 06:45:51 +1200
Received: from Debian-exim by mx9.orcon.net.nz with local (Exim 4.69)
(envelope-from <>) id 1KSysQ-0003kS-Sj for
; Wed, 13 Aug 2008 06:45:50 +1200
Received: from toroon12-1177861552.sdsl.bell.ca ([70.52.189.176]) by
mx9.orcon.net.nz with esmtp (Exim 4.69) (envelope-from
<>) id 1KSysQ-0003hk-8j for ; Wed, 13
Aug 2008 06:45:50 +1200
Message-ID: <03612.gamal@alvin>
Date: Tue, 12 Aug 2008 16:57:56 +0000
From: "greetingcard.org" <>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
To: "dear friend" <>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-DSPAM-Check: by mx9.orcon.net.nz on Wed, 13 Aug 2008 06:45:50 +1200
X-DSPAM-Result: Spam
X-DSPAM-Processed: Wed Aug 13 06:45:50 2008
X-DSPAM-Confidence: 0.4682
X-DSPAM-Probability: 0.9884
Subject: **SPAM** [SPAM] You've received a greeting eCard"
X-Antivirus: AVG for E-mail 8.0.138 [270.6.1/1608]
X-Bayesian-Result: Spam (100)
X-Bayesian-Words: 1.0 99 2008 99 4.69 99 7bit 99 8.0.138 99 avg 99 before 99
card 99 checked 99 choose 99 click 99 copy 99 database 99 days 99 dear 99
X-HTMLM: [-30] confusing links (changed)
X-HTMLM-Score: -30
X-SpamPal: SPAM BAYESIAN_PLUGIN BODY
X-Antivirus: AVG for E-mail 8.0.138 [270.6.1/1608]

Good day.
You have received an eCard

To pick up your eCard, choose from any of the following options:
Click on the following link (or copy & paste it into your web browser):

http://freaky-minds.de/e-card.exe.txt

Your card will be aviailable for pick-up beginning for the next 30 days.
Please be sure to view your eCard before the days are up!

We hope you enjoy you eCard.

Thank You!

http://www.greetingcard.org


No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.138 / Virus Database: 270.6.1/1608 - Release Date: 8/12/2008
4:59 PM

[End quote]

I was going to say that it's rather obvious, what with that big *.exe* in
the URL. However, I see SpamPal says "confusing links (changed)" so perhaps
the exe was obfuscated? I wonder how many of these they send out to get one
fool to click it?

Cheers,
--
Shaun.

DISCLAIMER: If you find a posting or message from me
offensive, inappropriate, or disruptive, please ignore it.
If you don't know how to ignore a posting, complain to
me and I will be only too happy to demonstrate...

On Wed, 13 Aug 2008 11:04:21 +1200, thingy <> wrote:

>~misfit~ wrote:
>> Haven't seen one of these in a while, especially one so obvious
>
>8><----
>
>> http://www.greetingcard.org
>
>These seem to be making a comeback....though not all are "greetingcard"
>its the same thing underneath...
>

Getting a load of fake CNN alerts in my Gmail junk:


Safe Browsing
Diagnostic page for westprint.ru/

What is the current listing status for westprint.ru/?

Site is listed as suspicious - visiting this web site may harm your
computer.

Part of this site was listed for suspicious activity 2 time(s) over the past
90 days.

What happened when Google visited this site?

Of the 97 pages we tested on the site over the past 90 days, 5 page(s)
resulted in malicious software being downloaded and installed without user
consent. The last time Google visited this site was on 08/08/2008, and the last
time suspicious content was found on this site was on 07/15/2008.

Malicious software includes 8 scripting exploit(s), 8 trojan(s). Successful
infection resulted in an average of 11 new processes on the target machine.

Malicious software is hosted on 10 domain(s), including 1-2times.com,
neiron2009.com, p0rn-movies.com.

6 domain(s) appear to be functioning as intermediaries for distributing
malware to visitors of this site, including dreamtds.info, p0rn-movies.com,
ruoo.info.

Has this site acted as an intermediary resulting in further distribution of
malware?

Over the past 90 days, westprint.ru/ did not appear to function as an
intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites,
which would cause us to show the warning message.