Home Forums FineTunedMac Community Lounge Mac malware attack disguised as Christmas ecards

I'm starting to see a malware attack against Macs turning up in my email inbox. These look like fairly standard ecards from American Greetings or Yahoo Greetings. The email body copy reads:

"You've just received a Yahoo! Exclusive e Card via AmericanGreetings. com

Viewing your eCard is just a snap! Click on the following link:

(link redacted)

We hope you enjoy your eCard. If you have any comments or questions, please visit

(link redacted)

Sending ecards and creating printables has never been more e njoyable.
Get ready to experience the next generation of American Greetings

Thanks for usin g Yahoo! American Greetings .com

-----

The link LOOKS like it goes to American Greetings, but it actually leads to ecardg (dot) ggreetcards (dot) com. When you arrive there, you're asked to download the PowerPoint plugin if your browser doesn't have it. The site then attempts to download malware.

This site recognizes Mac and Windows browsers, and downloads malware for each--it's not a Windows-only threat.

because everyone loves to click on christmas cards ending in .EXE

Unfortunately not everyone notices or knows the difference if they do.

The malware site seems to be down now.

In this case, it would not download a .exe file. Instead, it would tell you that you didn't have the right browser plugin to see the Christmas card, and would start the process of installing a plugin on your browser if you were naive enough to allow it to. On Windows it would install a Browser Helper Object for Explorer, or a plugin for other browsers; on the Mac it would try to install a plugin for Safari or Chrome.