
SANS ISC: postcard.exe - SANS Internet Storm Center SANS ISC InfoSec Forums


postcard.exe
We've received word from a number of readers that "postcard.exe" is currently being spammed in emails with the subject "Happy New Year". AV coverage is still thin. MD5: 4adf7a3719c485a4e482498874b6695f

Update 1530UTC: AV protection is coming online: Trojan-Downloader.Win32.Tibs.jy (Kaspersky), W32/Dref-U (Sophos), W32.Nuwar.AY (TrendMicro). ClamAV was one of the first AVs to have protection available when the wave started last night; they are calling it Downloader-388.

There is also a set of BleedingSnort sigs available that help detect an existing infection (systems reporting to C&C).

Update 1400UTC: Symantec has thrown their hat in the ring with W32.Mixor.Q@mm.
Daniel

ISC Handler
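One way to triage stored mail against the indicators reported in this diary (subject line, attachment name, MD5), given as an added example that is not part of the original diary or any SANS ISC tooling. The function names, sample addresses and attachment bytes are constructed for illustration; the hash check matters because a renamed attachment defeats the filename match.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the diary entry above.
SUBJECT = "happy new year"
ATTACHMENT = "postcard.exe"
KNOWN_MD5 = frozenset({"4adf7a3719c485a4e482498874b6695f"})


def triage(raw, known_md5=KNOWN_MD5):
    """Return one finding per attachment matching the filename or hash indicator."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject_hit = SUBJECT in str(msg.get("Subject", "")).lower()
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        payload = part.get_payload(decode=True) or b""  # undo base64 transfer encoding
        md5 = hashlib.md5(payload).hexdigest()
        name_hit, hash_hit = name == ATTACHMENT, md5 in known_md5
        if name_hit or hash_hit:
            findings.append({
                "filename": name, "md5": md5, "subject_match": subject_hit,
                "name_match": name_hit, "hash_match": hash_hit,
            })
    return findings


def build_sample(subject, filename, data):
    """Construct a test message; the attachment bytes are harmless placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed sample body")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    # Constructed sample: matches on subject and filename, not on hash.
    sample = build_sample("Happy New Year", "postcard.exe", b"not real malware")
    for finding in triage(sample):
        print(finding)
```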
