Select local site

| Japanese | Simplified Chinese | Traditional Chinese (Hong Kong) | Traditional Chinese (Taiwan)

F-Secure Malware Information Pages: Trojan:HTML/Postcards.N

[Summary] | [Detailed Description] | [Detection]

Name : Trojan:HTML/Postcards.N
Alias:HTML/Postcards.N@troj
Type:Other, Trojan
Category:Malware
Date of Discovery:July 03, 2007
Radar

Summary
Files detected as HTML/Postcard.N@troj are EML files that state that the recipient has received a greeting card.

The recipient is encouraged to click on a link or to visit a website and enter their eCard number to view the message.
Back to the Top

Detailed Description
Files that are detected as HTML/Postcard.N@troj are EML files that state that the recipient has received a greeting card from a friend, relative, or classmate. The recipient is encouraged to click on a link or to visit a website and enter their eCard number to view the message.

When the user click this link, another page will appear stating that a new browser feature is currently being tested. The recipient is asked to click another link pointing to a file, usually named ECARD.EXE. We are detecting these files as Email-Worm.Win32.Zhelatin.

The website seems to have obfuscated javascript that uses exploits to download the file to the recipient's machine. Currently, these page are detected as HTML/IESlice.B@troj.

An example message:

Back to the Top

Detection

F-Secure Anti-Virus detects this malware with the following updates:

[FSAV_Database_Version]

Version = 2007-07-03_05.


Back to the Top



F-Secure Corporation

Last Modified: July 05, 2007