F-Secure Malware Information Pages: Trojan:HTML/Postcards.N

Main Index

Security Guide

F-Secure World Map

Security Alerts

Virus Statistics

Malware Removal Tools

Malware Code Glossary

Submit Malware Sample

Select local site

Main Index » Security Centre » Descriptions

F-Secure Malware Information Pages: Trojan:HTML/Postcards.N

[Summary] \| [Detailed Description] \| [Detection]
Name :	Trojan:HTML/Postcards.N
Alias:	HTML/Postcards.N@troj
Type:	Other, Trojan
Category:	Malware
Date of Discovery:	July 03, 2007

Radar

Summary

Files detected as HTML/Postcard.N@troj are EML files that state that the recipient has received a greeting card.

The recipient is encouraged to click on a link or to visit a website and enter their eCard number to view the message.

Back to the Top

Detailed Description

Files that are detected as HTML/Postcard.N@troj are EML files that state that the recipient has received a greeting card from a friend, relative, or classmate. The recipient is encouraged to click on a link or to visit a website and enter their eCard number to view the message.

When the user click this link, another page will appear stating that a new browser feature is currently being tested. The recipient is asked to click another link pointing to a file, usually named ECARD.EXE. We are detecting these files as Email-Worm.Win32.Zhelatin.

The website seems to have obfuscated javascript that uses exploits to download the file to the recipient's machine. Currently, these page are detected as HTML/IESlice.B@troj.

An example message:

Back to the Top

Detection

F-Secure Anti-Virus detects this malware with the following updates:

[FSAV_Database_Version]

Version = 2007-07-03_05.

Back to the Top

F-Secure Corporation

Last Modified: July 05, 2007