You've Received a postcard from a Family Member

This email lures the recipient to a site (one of many) that attempts to download a malware program onto the computer. As with the known exploit fun.exe, zzease.com/myn.exe downloads without prompting and contains several viruses. See the analysis of fun.exe below.

The body of the email is as follows (minor variations may be present):

Good day. Your family member has sent you an ecard from yivisit.hk.

Send free ecards from yivisit.hk with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.

To view your ecard, choose from any of the following options:

-------- OPTION 1 --------
Click on the following Internet address or copy & paste it into your browser's address box. http://yivisit.hk/?5acb144e15456ec290b516c3

-------- OPTION 2 --------
Copy & paste the ecard number in the "View Your Card" box at http://yivisit.hk/

Your ecard number is 5acb144e15456ec290b516c3

Best wishes,
Postmaster, yivisit.hk

*If you would like to send someone an ecard, you can do so at http://yivisit.hk/
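Because the lure is hosted on many sites and its wording varies, a mail filter is better keyed on the message's structure (a link to the site root whose query string is only a hex id, with that id repeated as the "ecard number") than on one domain. The sketch below is an added example, not part of the original advisory; the function names, the 16 to 64 character id length and the sample messages on the reserved .example domain are assumptions.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
TOKEN_RE = re.compile(r"^[0-9a-f]{16,64}$", re.I)   # assumed id length range
CARD_WORDS = re.compile(r"\b(e-?cards?|postcards?|greeting cards?)\b", re.I)

def ecard_lure_indicators(body):
    """Collect structural indicators of the ecard lure from an email body."""
    tokens, hosts = set(), set()
    for raw in URL_RE.findall(body):
        url = urlsplit(raw.rstrip(".,)"))
        if url.hostname:
            hosts.add(url.hostname.lower())
        # Lure link shape: http://host/?<hex id> (site root, query is only the id)
        if url.path in ("", "/") and TOKEN_RE.match(url.query):
            tokens.add(url.query.lower())
    # The same id is repeated as plain text ("Your ecard number is ...")
    text_without_urls = URL_RE.sub(" ", body).lower()
    repeated = sorted(t for t in tokens if t in text_without_urls)
    return {
        "card_wording": bool(CARD_WORDS.search(body)),
        "hex_token_links": sorted(tokens),
        "token_repeated_in_text": repeated,
        "hosts": sorted(hosts),
    }

def is_ecard_lure(body):
    """Flag a message that pairs greeting-card wording with a hex-id root link."""
    ind = ecard_lure_indicators(body)
    return ind["card_wording"] and bool(ind["hex_token_links"])

# Constructed sample messages (not real mail); .example is a reserved domain.
SAMPLE_LURE = """Good day. Your family member has sent you an ecard.
Click on the following Internet address:
http://ecards.example/?0123456789abcdef01234567
Or paste the ecard number in the box at http://ecards.example/
Your ecard number is 0123456789abcdef01234567
"""
SAMPLE_BENIGN = """Your order has shipped.
Track it at https://shop.example/orders?id=48213
"""

if __name__ == "__main__":
    for name, msg in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, is_ecard_lure(msg), ecard_lure_indicators(msg))
```

The hosts returned for a flagged message can be fed to a blocklist, since each variant of the email names a different site.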

fun.exe analysis:

Complete scanning result of "fun.exe", received in VirusTotal at 06.20.2007, 16:25:18 (CET).

Antivirus          Version         Update      Result
-----------------  --------------  ----------  ------------------------------
AhnLab-V3          2007.6.20.1     06.20.2007  no virus found
AntiVir            7.4.0.34        06.20.2007  no virus found
Authentium         4.93.8          06.19.2007  no virus found
Avast              4.7.997.0       06.20.2007  no virus found
AVG                7.5.0.467       06.19.2007  no virus found
BitDefender        7.2             06.20.2007  Trojan.Peed.HXH
CAT-QuickHeal      9.00            06.20.2007  no virus found
ClamAV             devel-20070416  06.20.2007  Trojan.Small-2691
DrWeb              4.33            06.20.2007  Trojan.Packed.140
eSafe              7.0.15.0        06.19.2007  Suspicious Trojan/Worm
eTrust-Vet         30.8.3730       06.20.2007  Win32/Sinteri!downloader
Ewido              4.0             06.20.2007  no virus found
FileAdvisor        1               06.20.2007  no virus found
Fortinet           2.91.0.0        06.20.2007  no virus found
F-Prot             4.3.2.48        06.19.2007  no virus found
F-Secure           6.70.13030.0    06.20.2007  no virus found
Ikarus             T3.1.1.8        06.20.2007  Email-Worm.Win32.Zhelatin.ew
Kaspersky          4.0.2.24        06.20.2007  Email-Worm.Win32.Zhelatin.ex
McAfee             5057            06.20.2007  no virus found
Microsoft          1.2607          06.20.2007  Worm:Win32/Nuwar.gen
NOD32v2            2341            06.20.2007  no virus found
Norman             5.80.02         06.20.2007  no virus found
Panda              9.0.0.4         06.20.2007  Suspicious file
Prevx1             V2              06.20.2007  no virus found
Sophos             4.18.0          06.12.2007  no virus found
Sunbelt            2.2.907.0       06.09.2007  VIPRE.Suspicious
Symantec           10              06.20.2007  Trojan.Packed.13
TheHacker          6.1.6.136       06.20.2007  no virus found
VBA32              3.12.0.2        06.20.2007  no virus found
VirusBuster        4.3.23:9        06.20.2007  no virus found
Webwasher-Gateway  6.0.1           06.20.2007  Win32.Malware.gen (suspicious)

Additional Information
File size: 8159 bytes
MD5: c755fa31e45c4ac1de848612f21d40cd
SHA1: 31ca06b5712b993eeaf61b6f5545934578ab817a


 

 
             

Copyright Kaediem Consulting Services - Web Site by Kaediem