    Unexpected postcards? Beware!!

    This week we have been receiving spammed email samples that use the old “you have received a postcard” trick. The malicious email provides a web link to “retrieve” the postcard. In this case, the landing page appears to be completely blank, but in the background a JavaScript script tries to exploit some vulnerabilities in order to download and execute malware on the machine. Even though it may seem repetitive at this point, be careful with unexpected “ecards” and always (always!) make sure your browser is updated with the latest vendor patches. This highlights the fact that the main danger in the current landscape comes from web connections. Email-web threat tandems such as this one are becoming more and more common.
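The blank-page-with-background-script pattern described above can be triaged on a mail or web gateway. The following is an added example, not Trend Micro's detection logic; the marker list, the thresholds and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Calls often seen in packed inline script; a heuristic list chosen for this example.
MARKERS = re.compile(r"\b(eval|unescape|String\.fromCharCode|document\.write)\s*\(", re.I)

class PageProfile(HTMLParser):
    """Separates text a browser would render from inline script content."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.visible, self.script = [], []
        self._inside = None  # non-rendered element currently open, if any

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style", "title"):
            self._inside = tag

    def handle_endtag(self, tag):
        if tag == self._inside:
            self._inside = None

    def handle_data(self, data):
        if self._inside == "script":
            self.script.append(data)
        elif self._inside is None:
            self.visible.append(data)

def triage(html, max_visible=40, min_script=200):
    """Return reasons why a page that renders (nearly) blank deserves analysis."""
    page = PageProfile()
    page.feed(html)
    page.close()
    # Collapse whitespace so indentation and newlines do not count as content.
    if len(" ".join("".join(page.visible).split())) > max_visible:
        return []  # the page shows real content; not the pattern described
    script = "".join(page.script)
    reasons = []
    found = sorted({m.group(1).lower() for m in MARKERS.finditer(script)})
    if found:
        reasons.append("blank page, script calls: " + ", ".join(found))
    if len(script) >= min_script:
        reasons.append("blank page, %d bytes of inline script" % len(script))
    return reasons

# Constructed, inert samples: the script in BLANK only writes the letters "ABC".
BLANK = ('<html><head><title>Postcard</title></head><body><script>'
         'var d = unescape("%41%42%43"); document.write(d);</script></body></html>')
ECARD = ('<html><body><h1>Happy birthday!</h1><p>Your friend sent you this card '
         'with best wishes.</p><script>var shown = true;</script></body></html>')
```

A non-empty result is a reason to send the URL for sandbox analysis, not a verdict; legitimate single-page applications also render little static text.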


    After installation, a rootkit hides a peer-to-peer downloading component that keeps the malware updated. The Trend Micro heuristic engine detects the first downloaded component as well as the P2P downloader. The rootkit module is detected as TROJ_TIBS.AB.






    © Copyright 2011 Trend Micro Inc. All rights reserved. Legal Notice