gif.EXE from ""

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Got a spoofed e-mail pretending to be from with URL link
redirected to domain leading to postcard.gif.exe file.

While I'm getting plenty of eBay, PayPal and bank spoofs, this one
masked as a greating card was first for me.

Re: gif.EXE from ""

Quoted text here. Click to load it

I got this last week. It's now detected as Postcard.d by F-Prot and
Trojan-Spy.Win32.Postcard.e by KLAB I think. I don't know if anyone
else has detected. The url of the iframe contains exploit iframe bof
which is used to run the malware. On a patched system it just consumes
processor time and ram.

Ian Kenefick

Site Timeline