postcards.gif.exe

An email arrives telling you that someone has sent you an e-card of sorts. Happy happy! Of course you read it, and are presented with a link to click. Of course you click it. And you click through the next couple of warnings about it being an executable and whatnot. Eventually you will end up with something not too dissimilar from these:

My first postcard

An innocent little email, which I have already lost the copy of. The file was called “postcards.gif.exe”. It connects to Undernet. Very chatty herders; unfortunately they’re Romanian and I can’t understand any of it. It’s mIRC and Serv-U, called svchost.exe and Mssvc.exe for the occasion. First Postcard.

The second postcard

1,167 KB worth of Serv-U and cygwin-based XDCC running as asp.exe and cygmech.exe, respectively

Second Postcard.

Postcard the Third

Weighing in at 95 KB. Third Postcard.

The cards are getting more desperate

Now I’m getting e-hugs and e-kisses. So far the viruses involved are boring. They change your Internet Exploder, for instance. They are fully automated, no human interaction at all.

ecard.exe

This thing comes as a result of clicking on a link in an email, along these lines:

Hi. Colleague (or Worshipper, or Class-Mate, or Friend, or Partner, or School-mate, or School Friend, or Family Member, or Mate, or Neighbour {note English spelling!}, or whatever) has sent you a postcard.
See your card as often as you wish during the next 15 days.

SEEING YOUR CARD

If your email software creates links to Web pages, click on your card’s direct www address below while you are connected to the Internet:

http://75.176.137.158/?969c2b1c85da463c5c036b0339eb3a6075

Or copy and paste it into your browser’s “Location” box (where Internet addresses go).

We hope you enjoy your awesome card.

Wishing you the best,
Postmaster,
all-yours.net

Most of the links are dodos. When they do work they allow you to download “ecard.exe” which then proceeds to blue-screen the computer. Well, that is on Server 2003. On Windows 2000 it just gives out error messages. Either way, it don’t work (unless blue screen was the desired effect. Wow that would be such an interesting virus).
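Two tells recur in the lures above: a decoy-then-executable file name such as postcards.gif.exe, and a link whose host is a bare IP address rather than a name. The following is an added example, not part of the original post, showing how a mail filter could flag both; the function names, extension lists and sample message (which uses a documentation-range address) are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed lists: extensions Windows runs directly, and harmless-looking decoys.
EXECUTABLE = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY = {"gif", "jpg", "jpeg", "png", "bmp", "txt", "doc", "pdf"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample modelled on the lure text; 192.0.2.10 is a documentation address.
SAMPLE_BODY = (
    "click on your card's direct www address below:\n"
    "http://192.0.2.10/?0123abcd\n"
    "Or copy and paste it. More cards at http://cards.example/help\n"
)


def deceptive_double_extension(filename):
    """True for names like picture.gif.exe: a decoy extension, then an executable one."""
    parts = filename.strip().rstrip(". ").lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXECUTABLE and parts[-2] in DECOY


def ip_literal_urls(text):
    """Return the URLs in text whose host is an IP address instead of a host name."""
    hits = []
    for url in URL_RE.findall(text):
        try:
            ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:  # ordinary host name (or unparsable URL): not flagged
            continue
        hits.append(url)
    return hits


def triage(body, link_filenames=()):
    """Collect (reason, value) findings for a message body and the files it links to."""
    findings = [("ip-literal-url", u) for u in ip_literal_urls(body)]
    for name in link_filenames:
        ext = name.lower().rpartition(".")[2]
        if deceptive_double_extension(name):
            findings.append(("double-extension", name))
        elif "." in name and ext in EXECUTABLE:
            findings.append(("executable-download", name))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_BODY, ["postcards.gif.exe", "ecard.exe"]):
        print(finding)
```

A plain name like ecard.exe does not trip the double-extension rule, so it is the IP-literal link and the executable download that catch that variant.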
