Educause Security Discussion mailing list archives
"postcard" spams.
From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Tue, 3 Jul 2007 13:38:46 -0400
We've been receiving a whole host of "You have received a postcard!" spam, with malware website links embedded in it. For details, see: http://isc.sans.org/diary.html?storyid=3063 I haven't had a whole lot of luck finding information on the method of propagation on this, but it seems to do all of its initial setup from a source UDP port of 26395. At least, that's my observation from a deliberately infected machine and a packet sniffer. Does this jibe with other people's observation of this? The ecard.exe I downloaded from one of the emails has a different MD5 than listed in the SANS article, so I fear there might be copycats and variants out there already. --Matt -- Matt Gracie (716) 888-2403 Information Security Administrator graciem () canisius edu Canisius College ITS 425531N / 0785109W http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Current thread:
- "postcard" spams. Matthew Gracie (Jul 03)
- <Possible follow-ups>
- Re: "postcard" spams. Perry, Jeff (Jul 03)
- Re: "postcard" spams. Theresa Semmens (Jul 03)
- Re: "postcard" spams. David Lundy (Jul 03)
- Re: "postcard" spams. Alan Amesbury (Jul 03)
- Re: "postcard" spams. Les LaCroix (Jul 03)