Welcome to SecurityForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

*You have a postcard* e-mails - been a while

  
   Security Forums (Home) -> General Discussions RSS
Next:  Okay, I NEED Help... Bad...  
Author Message
Duh_OZ

External


Since: Dec 17, 2007
Posts: 10



(Msg. 1) Posted: Wed Dec 26, 2007 7:46 pm
Post subject: *You have a postcard* e-mails - been a while
Archived from groups: alt>comp>anti-virus, others (more info?)
Haven't received any postcard/greeting card e-mails since November.
Got a few today from either hxxp://uhavepostcard.com/ or hxxp://happycards2008.com/
Subject was Happy New Years, or some variant.

Both sited instructed you to download a file called happy-2008.exe

Submitted to VT in the AM:

Antivirus Version Last Update Result
AhnLab-V3 2007.12.26.10 2007.12.26 -
AntiVir 7.6.0.46 2007.12.26 TR/Rootkit.Gen
Authentium 4.93.8 2007.12.26 -
Avast 4.7.1098.0 2007.12.26 Win32:Zhelatin-ASX
AVG 7.5.0.516 2007.12.25 -
BitDefender 7.2 2007.12.26
DeepScan:Generic.Malware.FMH@mmign.55A134E9
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.26 Trojan.Zhelatin
DrWeb 4.44.0.09170 2007.12.26 Trojan.Spambot.2386
eSafe 7.0.15.0 2007.12.25 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.26 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 -
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.26 -
Ikarus T3.1.1.15 2007.12.26 -
Kaspersky 7.0.0.125 2007.12.26 -
McAfee 5192 2007.12.24 -
Microsoft 1.3109 2007.12.26 Backdoor:WinNT/Nuwar.B!sys
NOD32v2 2747 2007.12.25 probably a variant of Win32/Fuclip
Norman 5.80.02 2007.12.26 -
Panda 9.0.0.4 2007.12.25 Suspicious file
Prevx1 V2 2007.12.26 Stormy:Worm-All Variants
Rising 20.24.21.00 2007.12.26 -
Sophos 4.24.0 2007.12.26 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.26 Trojan.Peacomm
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.26 -
VirusBuster 4.3.26:9 2007.12.26 -
Webwasher-Gateway 6.6.2 2007.12.26 Trojan.Rootkit.Gen

 >> Stay informed about: *You have a postcard* e-mails - been a while 
Back to top
Login to vote
Gabriela Salvisberg

External


Since: Aug 06, 2004
Posts: 13



(Msg. 2) Posted: Thu Dec 27, 2007 4:34 am
Post subject: Re: *You have a postcard* e-mails - been a while [Login to view extended thread Info.]
Archived from groups: alt>comp>anti-virus (more info?)
Am Wed, 26 Dec 2007 19:46:48 -0800 schrieb Duh_OZ:

> Haven't received any postcard/greeting card e-mails since November. Got
> a few today from either hxxp://uhavepostcard.com/ or
> hxxp://happycards2008.com/ Subject was Happy New Years, or some variant.
>
> Both sited instructed you to download a file called happy-2008.exe
>
> Submitted to VT in the AM:

But that's strange:
> F-Secure 6.70.13030.0 2007.12.26 "-" ???

It's strange, because at least they should know about it, since they
started blogging about that:
http://www.f-secure.com/weblog/

Gabriela

 >> Stay informed about: *You have a postcard* e-mails - been a while 
Back to top
Login to vote
Dustin Cook

External


Since: Jun 01, 2006
Posts: 152



(Msg. 3) Posted: Thu Dec 27, 2007 4:18 pm
Post subject: Re: *You have a postcard* e-mails - been a while [Login to view extended thread Info.]
Archived from groups: alt>comp>anti-virus, others (more info?)
Duh_OZ <ozzy.kopec.DeleteThis@gmail.com> wrote in
news:aec017bc-1ed2-4a3b-9fa3-26a53ea6d9a0@a35g2000prf.googlegroups.com:

> Haven't received any postcard/greeting card e-mails since November.
> Got a few today from either hxxp://uhavepostcard.com/ or
> hxxp://happycards2008.com/ Subject was Happy New Years, or some
> variant.
>
> Both sited instructed you to download a file called happy-2008.exe

Nice...I can't get either site to send me anything tho. If you still have
that file, I'd certainly like a copy. Smile

--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2e
Email.: bughunter.dustin.DeleteThis@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
 >> Stay informed about: *You have a postcard* e-mails - been a while 
Back to top
Login to vote
Gabriele Neukam

External


Since: Sep 14, 2004
Posts: 462



(Msg. 4) Posted: Thu Dec 27, 2007 5:46 pm
Post subject: Re: *You have a postcard* e-mails - been a while [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On this special day, Duh_OZ wrote:

> Both sited instructed you to download a file called happy-2008.exe

Update:

http://isc.sans.org/diary.html?storyid=3784

it is morphing...


Gabriele Neukam

Gabriele.Spamfighter.Neukam.TakeThisOut@t-online.de

--
ignorance can be fixed. stupidity is life-long.
(jshdude in alt.comp.anti-virus)
 >> Stay informed about: *You have a postcard* e-mails - been a while 
Back to top
Login to vote
Buffalo

External


Since: Jul 19, 2007
Posts: 56



(Msg. 5) Posted: Sun Dec 30, 2007 1:16 pm
Post subject: Re: *You have a postcard* e-mails - been a while [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Dustin Cook" <bughunter.dustin.RemoveThis@gmail.com> wrote in message
news:Xns9A1374B70228EHHI2948AJD832@69.28.186.121...
> Duh_OZ <ozzy.kopec.RemoveThis@gmail.com> wrote in
> news:aec017bc-1ed2-4a3b-9fa3-26a53ea6d9a0@a35g2000prf.googlegroups.com:
>
> > Haven't received any postcard/greeting card e-mails since November.
> > Got a few today from either hxxp://uhavepostcard.com/ or
> > hxxp://happycards2008.com/ Subject was Happy New Years, or some
> > variant.
> >
> > Both sited instructed you to download a file called happy-2008.exe
>
> Nice...I can't get either site to send me anything tho. If you still have
> that file, I'd certainly like a copy. Smile

Dustin,

I dl'd the file "happynewyear2008.exe" from "uhavepostcard.com" about 1/2
hour ago and my Norton 12/26/07 did not pick it up nor did SuperAntiSpyware
Core:3370 Trace:1365. I did not open it. I tried to send it to you, Dustin,
but your bughunter gmail addy didn't work.
However, I sent it to virustotal and here are the results:
AhnLab-V32007.12.29.112007.12.29-AntiVir7.6.0.462007.12.30TR/Crypt.XDR.Gen
Authentium4.93.82007.12.30W32/StormWorm.U
Avast4.7.1098.02007.12.30Win32:Zhelatin-ASX
AVG7.5.0.5162007.12.30Dropper.Generic.TNQ
BitDefender7.22007.12.30Trojan.Peed.IRM
CAT-QuickHeal9.002007.12.29-
ClamAV0.91.22007.12.30-DrWeb4.44.0.091702007.12.30Trojan.Spambot.2556
eSafe7.0.15.02007.12.27-
eTrust-Vet31.3.54122007.12.29-
Ewido4.02007.12.30-
FileAdvisor12007.12.30-
Fortinet3.14.0.02007.12.30W32/Tibs.G@mm
F-Prot4.4.2.542007.12.29-
F-Secure6.70.13030.02007.12.30Email-Worm:W32/Zhelatin.PS
IkarusT3.1.1.152007.12.30Trojan.Peed.IRM
Kaspersky7.0.0.1252007.12.30Email-Worm.Win32.Zhelatin.pv
McAfee51952007.12.28W32/Nuwar@MM
Microsoft1.31092007.12.30Backdoor:Win32/Nuwar.gen!A
NOD32v227572007.12.30Win32/Nuwar.BE
Norman5.80.022007.12.28-
Panda9.0.0.42007.12.30Suspicious file
Prevx1V22007.12.30Stormy:Worm-All Variants
Rising20.24.52.002007.12.29-
Sophos4.24.02007.12.30Mal/Dorf-H
Sunbelt2.2.907.02007.12.30-
Symantec102007.12.30Trojan.Peacomm.D
TheHacker6.2.9.1752007.12.29-
VBA323.12.2.52007.12.29-
VirusBuster4.3.26:92007.12.30Trojan.DL.Tibs.JO
Webwasher-Gateway6.6.22007.12.30Trojan.Crypt.XDR.Gen
 >> Stay informed about: *You have a postcard* e-mails - been a while 
Back to top
Login to vote
Buffalo

External


Since: Jul 19, 2007
Posts: 56



(Msg. 6) Posted: Sun Dec 30, 2007 3:02 pm
Post subject: Re: *You have a postcard* e-mails - been a while [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Dustin Cook wrote:
> Duh_OZ <ozzy.kopec DeleteThis @gmail.com> wrote in
> news:aec017bc-1ed2-4a3b-9fa3-26a53ea6d9a0@a35g2000prf.googlegroups.com:
>
>> Haven't received any postcard/greeting card e-mails since November.
>> Got a few today from either hxxp://uhavepostcard.com/ or
>> hxxp://happycards2008.com/ Subject was Happy New Years, or some
>> variant.
>>
>> Both sited instructed you to download a file called happy-2008.exe
>
> Nice...I can't get either site to send me anything tho. If you still
> have that file, I'd certainly like a copy. Smile

I use NSW Professional2003 and have just manually installed the latest def
dated 12/30/2007 and it does NOT recognize the "happynewyear2008.exe" file I
downloaded from "uhavepostcard.com". I had also tried it with the 12/26/2007
defs with no luck.
Why doesn't NSW2003Pro recognize it? Is the 'engine' not working?
I keep hearing that the Norton engine gets updated automatically with
LiveUpdate.
However, my AVG free does recognize it. ( I use a dual-boot system Win2000
with NSW and Win98SE with AVG Free).
No, I did not open it the .exe file.
 >> Stay informed about: *You have a postcard* e-mails - been a while 
Back to top
Login to vote
Dustin Cook

External


Since: Jun 01, 2006
Posts: 152



(Msg. 7) Posted: Mon Dec 31, 2007 2:01 am
Post subject: Re: *You have a postcard* e-mails - been a while [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Buffalo" <Eric.DeleteThis@nada.com.invalid> wrote in
news:LpadnbGxXL3iiOXanZ2dnUVZ_sKqnZ2d@comcast.com:

> Dustin Cook wrote:
>> Duh_OZ <ozzy.kopec.DeleteThis@gmail.com> wrote in
>> news:aec017bc-1ed2-4a3b-9fa3-26a53ea6d9a0@a35g2000prf.googlegroups.com
>> :
>>
>>> Haven't received any postcard/greeting card e-mails since November.
>>> Got a few today from either hxxp://uhavepostcard.com/ or
>>> hxxp://happycards2008.com/ Subject was Happy New Years, or some
>>> variant.
>>>
>>> Both sited instructed you to download a file called happy-2008.exe
>>
>> Nice...I can't get either site to send me anything tho. If you still
>> have that file, I'd certainly like a copy. Smile
>
> I use NSW Professional2003 and have just manually installed the latest
> def dated 12/30/2007 and it does NOT recognize the
> "happynewyear2008.exe" file I downloaded from "uhavepostcard.com". I
> had also tried it with the 12/26/2007 defs with no luck.

I'm sure they'll be adding detection for it soon.

> However, my AVG free does recognize it. ( I use a dual-boot system
> Win2000 with NSW and Win98SE with AVG Free).

AVG's information is either more uptodate, or AVG lucked out and had a
better family signature than NSW is using.



--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2e
Email.: bughunter.dustin.DeleteThis@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
 >> Stay informed about: *You have a postcard* e-mails - been a while 
Back to top
Login to vote
Buffalo

External


Since: Jul 19, 2007
Posts: 56



(Msg. 8) Posted: Mon Dec 31, 2007 2:01 am
Post subject: Re: *You have a postcard* e-mails - been a while [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Dustin Cook wrote:
>> I use NSW Professional2003 and have just manually installed the
>> latest def dated 12/30/2007 and it does NOT recognize the
>> "happynewyear2008.exe" file I downloaded from "uhavepostcard.com". I
>> had also tried it with the 12/26/2007 defs with no luck.
>
> I'm sure they'll be adding detection for it soon.


Well, the TotalVirus site says that Symantec did recognize it with its
30Dec07 defs, and also with its 26Dec07 defs.
So what I'm concerned about is if the NSW2003Pro engine is working or not.
Anyways, thanks for your response. Smile


>> However, my AVG free does recognize it. ( I use a dual-boot system
>> Win2000 with NSW and Win98SE with AVG Free).
>
> AVG's information is either more uptodate, or AVG lucked out and had a
> better family signature than NSW is using.
 >> Stay informed about: *You have a postcard* e-mails - been a while 
Back to top
Login to vote
Dustin Cook

External


Since: Jun 01, 2006
Posts: 152



(Msg. 9) Posted: Mon Dec 31, 2007 2:02 am
Post subject: Re: *You have a postcard* e-mails - been a while [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Buffalo" <Eric.RemoveThis@nada.com.invalid> wrote in
news:qdadnXTXM6MNYeranZ2dnUVZ_jKdnZ2d@comcast.com:

> "Dustin Cook" <bughunter.dustin.RemoveThis@gmail.com> wrote in message
> news:Xns9A1374B70228EHHI2948AJD832@69.28.186.121...
>> Duh_OZ <ozzy.kopec.RemoveThis@gmail.com> wrote in
>> news:aec017bc-1ed2-4a3b-9fa3-26a53ea6d9a0@a35g2000prf.googlegroups.com
>> :
>>
>> > Haven't received any postcard/greeting card e-mails since November.
>> > Got a few today from either hxxp://uhavepostcard.com/ or
>> > hxxp://happycards2008.com/ Subject was Happy New Years, or some
>> > variant.
>> >
>> > Both sited instructed you to download a file called happy-2008.exe
>>
>> Nice...I can't get either site to send me anything tho. If you still
>> have that file, I'd certainly like a copy. Smile
>
> Dustin,
>
> I dl'd the file "happynewyear2008.exe" from "uhavepostcard.com" about
> 1/2 hour ago and my Norton 12/26/07 did not pick it up nor did
> SuperAntiSpyware Core:3370 Trace:1365. I did not open it. I tried to
> send it to you, Dustin, but your bughunter gmail addy didn't work.

I appreciate your efforts, however, special care has to be taken when
emailing them to me or they will bounce. Sad My site has specific
instructions.
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2e
Email.: bughunter.dustin.RemoveThis@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
 >> Stay informed about: *You have a postcard* e-mails - been a while 
Back to top
Login to vote
Duh_OZ

External


Since: Dec 17, 2007
Posts: 10



(Msg. 10) Posted: Mon Dec 31, 2007 12:11 pm
Post subject: Re: *You have a postcard* e-mails - been a while [Login to view extended thread Info.]
Archived from groups: alt>comp>anti-virus, others (more info?)
Back to top
Login to vote
Virus Guy

External


Since: Aug 05, 2005
Posts: 424



(Msg. 11) Posted: Mon Dec 31, 2007 12:21 pm
Post subject: Re: *You have a postcard* e-mails - been a while [Login to view extended thread Info.]
Archived from groups: alt>comp>anti-virus, others (more info?)
Buffalo wrote:

> I use NSW Professional2003 and have just manually installed
> the latest def dated 12/30/2007 and it does NOT recognize
> the "happynewyear2008.exe" file I downloaded from
> "uhavepostcard.com". I had also tried it with the 12/26/2007
> defs with no luck.

I've experienced variable detection success with NAV-2002 and the
various happy-this.exe or happy-that.exe files.

I've just downloaded the manual version of the Intelligent Updater and
installed it. It brought the definitions up to today's date (Dec 31,
1 am) and it can detect a few more of them, but not a very recent one
I downloaded within the past hour. However, Symantec (version 10) on
VT does detect it.

So I think that either there is a difference between Symantec
Anti-virus (Version 10) and Norton Anti-Virus, or that maybe the VT
site uses definition updates that are possibly updated every hour (in
the case of Symantec) and not available to the general public.

> I keep hearing that the Norton engine gets updated
> automatically with LiveUpdate.

I think that's still the case - but when it comes to these polymorphic
viruses, Norton/Symantec does not have a robust detection method and
must rely upon more basic information about the particular viral
files.

Or perhaps Symantec Corporate version is more "capable" than the
Norton version when the same updater package is applied to both.

By the way, when I visit those various sites, I'm not being prompted
to download the file - I have to click on the link to download them.
Is everyone else seeing that behavior?

I'm also not being prompted to run any active-x components either.
I'm thinking that the server is seeing my browser ID string and maybe
my OS type and is deciding not to actively send anything my way... ?
 >> Stay informed about: *You have a postcard* e-mails - been a while 
Back to top
Login to vote
Dustin Cook

External


Since: Jun 01, 2006
Posts: 152



(Msg. 12) Posted: Mon Dec 31, 2007 5:38 pm
Post subject: Re: *You have a postcard* e-mails - been a while [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Virus Guy <Virus DeleteThis @Guy.com> wrote in news:47792511.399C9109@Guy.com:

> Buffalo wrote:
>
>> I use NSW Professional2003 and have just manually installed
>> the latest def dated 12/30/2007 and it does NOT recognize
>> the "happynewyear2008.exe" file I downloaded from
>> "uhavepostcard.com". I had also tried it with the 12/26/2007
>> defs with no luck.
>
> I've experienced variable detection success with NAV-2002 and the
> various happy-this.exe or happy-that.exe files.
>
> I've just downloaded the manual version of the Intelligent Updater and
> installed it. It brought the definitions up to today's date (Dec 31,
> 1 am) and it can detect a few more of them, but not a very recent one
> I downloaded within the past hour. However, Symantec (version 10) on
> VT does detect it.
>
> So I think that either there is a difference between Symantec
> Anti-virus (Version 10) and Norton Anti-Virus, or that maybe the VT
> site uses definition updates that are possibly updated every hour (in
> the case of Symantec) and not available to the general public.
>
>> I keep hearing that the Norton engine gets updated
>> automatically with LiveUpdate.
>
> I think that's still the case - but when it comes to these polymorphic
> viruses, Norton/Symantec does not have a robust detection method and
> must rely upon more basic information about the particular viral
> files.

They aren't viral, and aren't polymorphic on their own. Server side does
obfuscate them, but they're still trojans.. worms at best.

In this case tho, I haven't seen Storm morph into a real worm. It's still
trying to hijack system services. hehehe.

> By the way, when I visit those various sites, I'm not being prompted
> to download the file - I have to click on the link to download them.
> Is everyone else seeing that behavior?

Lately, I've had to click the link too. They won't autosend to me. I
tried turning no script off to see if it made any difference and it
hasn't so far.

> I'm also not being prompted to run any active-x components either.
> I'm thinking that the server is seeing my browser ID string and maybe
> my OS type and is deciding not to actively send anything my way... ?

Good possibility.




--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2e
Email.: bughunter.dustin DeleteThis @gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
 >> Stay informed about: *You have a postcard* e-mails - been a while 
Back to top
Login to vote
ed

External


Since: Nov 22, 2007
Posts: 2



(Msg. 13) Posted: Mon Dec 31, 2007 5:38 pm
Post subject: Re: *You have a postcard* e-mails - been a while [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Duh_OZ wrote:
> Collection of URL's so far - forgot to note the file names associated
> with each D'OH
>
> hxxp://uhavepostcard.com/ 12/25/07
> hxxp://happycards2008.com/ 12/26/07
> hxxp://newyearcards2008.com/ 12/27/07
> hxxp://newyearwithlove.com/ 12/28/07 - 12/29/07
> hxxp://familypostcards2008.com/ 12/29/07 - 12/30/07
> hxxp://freshcards2008.com/ 12/30/07
> hxxp://happysantacards.com/ 12/31/07
> hxxp://hellosanta2008.com/ 12/31/07
> hxxp://happy2008toyou.com/ 12/31/07
>
>
last link is a valid http not hxxp.
 >> Stay informed about: *You have a postcard* e-mails - been a while 
Back to top
Login to vote
Ant

External


Since: Jan 31, 2004
Posts: 241



(Msg. 14) Posted: Mon Dec 31, 2007 11:50 pm
Post subject: Re: *You have a postcard* e-mails - been a while [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Dustin Cook" wrote:

> Virus Guy <Virus RemoveThis @Guy.com> wrote in news:47792511.399C9109@Guy.com:
>> I'm also not being prompted to run any active-x components either.
>> I'm thinking that the server is seeing my browser ID string and maybe
>> my OS type and is deciding not to actively send anything my way... ?
>
> Good possibility.

It's been the case before where what you get depends on the user-agent
string. They're not doing it in this campaign, nor are they packing
the executables.
 >> Stay informed about: *You have a postcard* e-mails - been a while 
Back to top
Login to vote
Buffalo

External


Since: Jul 19, 2007
Posts: 56



(Msg. 15) Posted: Sun Jan 06, 2008 10:21 am
Post subject: Re: *You have a postcard* e-mails - been a while [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Virus Guy wrote:
> Buffalo wrote:
>
>> I use NSW Professional2003 and have just manually installed
>> the latest def dated 12/30/2007 and it does NOT recognize
>> the "happynewyear2008.exe" file I downloaded from
>> "uhavepostcard.com". I had also tried it with the 12/26/2007
>> defs with no luck.
>
> I've experienced variable detection success with NAV-2002 and the
> various happy-this.exe or happy-that.exe files.
>
> I've just downloaded the manual version of the Intelligent Updater and
> installed it. It brought the definitions up to today's date (Dec 31,
> 1 am) and it can detect a few more of them, but not a very recent one
> I downloaded within the past hour. However, Symantec (version 10) on
> VT does detect it.
>
> So I think that either there is a difference between Symantec
> Anti-virus (Version 10) and Norton Anti-Virus, or that maybe the VT
> site uses definition updates that are possibly updated every hour (in
> the case of Symantec) and not available to the general public.
>
>> I keep hearing that the Norton engine gets updated
>> automatically with LiveUpdate.
>
> I think that's still the case - but when it comes to these polymorphic
> viruses, Norton/Symantec does not have a robust detection method and
> must rely upon more basic information about the particular viral
> files.
>
> Or perhaps Symantec Corporate version is more "capable" than the
> Norton version when the same updater package is applied to both.
>
> By the way, when I visit those various sites, I'm not being prompted
> to download the file - I have to click on the link to download them.
> Is everyone else seeing that behavior?
>
> I'm also not being prompted to run any active-x components either.
> I'm thinking that the server is seeing my browser ID string and maybe
> my OS type and is deciding not to actively send anything my way... ?

When I got the 01/02/2008 defs in my NSW2003Pro, it finally detected them.
VirusTotal says that the 12/25/2007 Symantec detected them, but my
12/30/2007 defs did not. I guess that Symantec must give different
preference to their Corporate defs and NSWpro defs.
It took aprox 8 days longer for NSW.
I am amazed that it took so long. Even my Free AVG detected them by
12/30/2007.
 >> Stay informed about: *You have a postcard* e-mails - been a while 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
gif.EXE from "postcard.org" - Got a spoofed e-mail pretending to be from postcards.org with URL link redirected to home.ro domain leading to postcard.gif.exe file. While I'm getting plenty of eBay, PayPal and bank spoofs, this one masked as a greating card was first for me.

postcard.exe - Got the standard 'postcard waiting' e-mail last Saturday and just downloaded the standard postcard.exe file today. Submitted to both jotti and virustotal and just Panda claimed "suspicious". All the others said "clean". That w...

postcard.gif.exe - Here's something recent that is an SFX RAR archive. Don't download this unless you know what you're doing. hxxp://bioscor-j.com/~norbil/postcard.gif.exe

undeliverable mails - Hi I've been receiving an increasing number of mails with the Undeliverable:Returned Mail:User Unknown subject line. They all come from an unknown System Administrator and contain a small attachment which I never open. They are all e-mails that I have..

reflector mails - Hi newsgroup, currently I am getting about 30 unsolicited mails per day. One major group is MS update messages. Another group is reflector mails or something that looks alike. -----Original Message----- From: Network Message Delivery System..
   Security Forums (Home) -> General Discussions All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]