Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Trojan:HTML/Postcards.N


Discovered:
Aliases:


July 03, 2007
Trojan:HTML/Postcards.N
Trojan:HTML/Postcards.N

Malware
Other
W32

Summary

Files detected as HTML/Postcard.N@troj are EML files that state that the recipient has received a greeting card.

The recipient is encouraged to click on a link or to visit a website and enter their eCard number to view the message.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

Files that are detected as HTML/Postcard.N@troj are EML files that state that the recipient has received a greeting card from a friend, relative, or classmate. The recipient is encouraged to click on a link or to visit a website and enter their eCard number to view the message.

When the user click this link, another page will appear stating that a new browser feature is currently being tested. The recipient is asked to click another link pointing to a file, usually named ECARD.EXE. We are detecting these files as Email-Worm.Win32.Zhelatin.

The website seems to have obfuscated javascript that uses exploits to download the file to the recipient's machine. Currently, these page are detected as HTML/IESlice.B@troj.

An example message:



Detection



Detection Type: PC
Database: 2007-07-03_05





Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.