Trojan:​HTML/Postcards.N

Threat description

Details

CATEGORYMalware
TYPEOther
DATE DISCOVEREDJuly 03, 2007

Summary

Files detected as HTML/Postcard.N@troj are EML files that state that the recipient has received a greeting card.

The recipient is encouraged to click on a link or to visit a website and enter their eCard number to view the message.



Removal

Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

Files that are detected as HTML/Postcard.N@troj are EML files that state that the recipient has received a greeting card from a friend, relative, or classmate. The recipient is encouraged to click on a link or to visit a website and enter their eCard number to view the message.

When the user click this link, another page will appear stating that a new browser feature is currently being tested. The recipient is asked to click another link pointing to a file, usually named ECARD.EXE. We are detecting these files as Email-Worm.Win32.Zhelatin.

The website seems to have obfuscated javascript that uses exploits to download the file to the recipient's machine. Currently, these page are detected as HTML/IESlice.B@troj.

An example message:

Detection

Detection Type: PC

Database: 2007-07-03_05

Submit a Sample

Suspect a file or URL was wrongly detected?
Send it to our Labs for further analysis

Submit a Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

More Info