gif.EXE from "postcard.org"

[E. Fridman]

Got a spoofed e-mail pretending to be from postcards.org with URL link
redirected to home.ro domain leading to postcard.gif.exe file.

While I'm getting plenty of eBay, PayPal and bank spoofs, this one
masked as a greating card was first for me.

 

[Ian JP Kenefick]

y of eBay, PayPal and bank spoofs, this one
masked as a greating card was first for me.

I got this last week. It's now detected as Postcard.d by F-Prot and
Trojan-Spy.Win32.Postcard.e by KLAB I think. I don't know if anyone
else has detected. The url of the iframe contains exploit iframe bof
which is used to run the malware. On a patched system it just consumes
processor time and ram.