Postcard Storm Wave (Aug 6, 2008)

Aug 6, 2008

A new wave of e-mails was discovered with the following subjects:

  • You Have An Ecard
  • A card for you
  • Someone sent you an Ecard.
  • Your Digital Greeting Card is waiting

They point to the following domains:


Here are a few examples of such e-mails:

screenshot

The e-mail contains a fake message claiming that your neighbor or flatmate has sent you a greeting card, along with a link. If the user clicks the link, it opens a page that prompts the user to download the file postcard.exe, which is the new variant of the Storm worm.

screenshot

SonicWALL detects this new wave with the following signature:

GAV: Zhelatin.ZN_13 (Worm)
