Additional Details
Files that are detected as
HTML/Postcard.N@troj are EML files that state that the recipient has received a greeting card from a friend, relative, or classmate. The recipient is encouraged to click on a link or to visit a website and enter their eCard number to view the message.
When the user click this link, another page will appear stating that a new browser feature is currently being tested. The recipient is asked to click another link pointing to a file, usually named
ECARD.EXE. We are detecting these files as Email-Worm.Win32.Zhelatin.
The website seems to have obfuscated javascript that uses exploits to download the file to the recipient's machine. Currently, these page are detected as
HTML/IESlice.B@troj.
An example message:
