
SANS ISC: postcard.exe

We've received word from a number of readers that "postcard.exe" is currently being spammed in emails with the subject "Happy New Year". AV coverage is still thin. MD5: 4adf7a3719c485a4e482498874b6695f

Update 1530UTC: AV protection is coming online: Trojan-Downloader.Win32.Tibs.jy (Kaspersky), W32/Dref-U (Sophos), W32.Nuwar.AY (TrendMicro). ClamAV was one of the first AVs to have protection available when the wave started last night; they are calling it Downloader-388.

There is also a set of BleedingSnort signatures available, which helps in detecting an existing infection (systems reporting to the C&C).

Update 1400UTC: Symantec has thrown their hat in the ring with W32.Mixor.Q@mm.

ISC Handler
Dec 29th 2006
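
While AV coverage is thin, a mail gateway can screen on the three indicators given in the diary (subject, attachment name, MD5). The sketch below is an added example, not code from the diary or from SANS ISC; the function names and the block/quarantine policy are assumptions, and the sample messages are constructed with an inert placeholder payload, so they match on subject and filename only.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators quoted in the diary entry.
BAD_MD5 = "4adf7a3719c485a4e482498874b6695f"
BAD_NAME = "postcard.exe"
BAD_SUBJECT = "happy new year"


def check_message(raw: bytes) -> list[str]:
    """Return the diary indicators that a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if BAD_SUBJECT in str(msg["Subject"] or "").lower():
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        payload = part.get_payload(decode=True) or b""
        if name == BAD_NAME:
            hits.append("filename")
        # MD5 is used only as a lookup key for the published indicator.
        if hashlib.md5(payload, usedforsecurity=False).hexdigest() == BAD_MD5:
            hits.append("md5")
    return hits


def verdict(hits: list[str]) -> str:
    """Assumed policy: hash match blocks, subject plus filename quarantines."""
    if "md5" in hits:
        return "block"
    if "subject" in hits and "filename" in hits:
        return "quarantine"
    return "pass"


def build_sample(subject: str, filename: str, data: bytes) -> bytes:
    """Constructed test message; the attachment is inert placeholder bytes."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("see attachment")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fn in [("Happy New Year", "postcard.exe"), ("Minutes", "notes.pdf")]:
        hits = check_message(build_sample(subj, fn, b"constructed placeholder"))
        print(subj, fn, hits, verdict(hits))
```

Matching on subject and filename as well as the hash matters because a repacked attachment no longer matches the MD5.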
