SANS ISC InfoSec Handlers Diary Blog

postcard.exe

Published: 2006-12-29
Last Updated: 2006-12-30 14:19:41 UTC
by Daniel Wesemann (Version: 1)
We've received word from a number of readers that "postcard.exe" is currently being spammed in emails with the subject "Happy New Year". AV coverage is still thin. MD5: 4adf7a3719c485a4e482498874b6695f

Update 1530UTC: AV protection is coming online: Trojan-Downloader.Win32.Tibs.jy (Kaspersky), W32/Dref-U (Sophos), W32.Nuwar.AY (TrendMicro). ClamAV was one of the first AVs to have protection available when the wave started last night; they are calling it Downloader-388.

There is also a set of BleedingSnort sigs available which help in detecting an existing infection (systems reporting to C&C).

Update 1400UTC: Symantec has thrown their hat in the ring with W32.Mixor.Q@mm.