Jun28
1:40 am (UTC-7)   |   by David Sancho (Malware Researcher)

This week we have been receiving spammed email samples with the old “you have received a postcard” trick. The malicious email provides a web link to “retrieve” the postcard. In this case, the landing page seems to be completely blank, but in the background, a javascript tries to exploit some vulnerabilities and download and execute malware in the machine. Even though it may seem repetitive at this point, be careful with unexpected “ecards” and always (always!) make sure your browser is updated with the latest vendor patches. This highlights the fact that the main danger in the current landscape comes from web connections. Email-web threat tandems such as this one are getting more and more common.

Postcard.JPG

Postcard2.JPG

Postcard3.JPG

After installation, a rootkit hides a peer-to-peer downloading component that keeps the malware updated. Trend Micro heuristic engine detects the first downloaded component as well as the P2P downloader. The rootkit module is detected as TROJ_TIBS.AB.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Thursday, June 28th, 2007 at 1:40 am and is filed under Security . Responses are closed, but you can trackback from your own site.



No Responses to “Unexpected postcards? Beware!!”

Trackbacks

  1. You’ve Got Postcard Malware · Security to the Core | Arbor Networks Security Blog

The 404 story
All roads lead to TROJ_SMALL.FXD


 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice