Postcard.exe – be aware!
Malicious messages containing only an executable attachment, postcard.exe, are being spammed to recipients awaiting the New Year celebration.
There is no message body at all, and the Subject is: Happy New Year!
The sender address is spoofed – as expected.
The following AV writeups have been released (vendors in alphabetical order):
Luder.A / Trojan-Downloader.Win32.Tibs.jy (F-Secure)
-> drops Downloader-ARL
-> drops Troj/Dloadr-ANE
-> drops Trojan.Galapoper.A
W32.Nuwar.AY (Trend Micro)
-> drops TROJ_TIBS.PE
Email-Worm.Win32.Luder.a (unknown vendor)
Kaspersky Lab added detection on Thursday 28th Dec, and several sources report massive spam campaigns.
The size of the .exe varies, but the subject line is always the same. It hardly needs mentioning that this malware tries to terminate the processes of several AV and firewall utilities.
SANS ISC reports that there is protection outside of AV products too:
Update 30th Dec: Added information about Downloader-ARL, Troj/Dloadr-ANE and TROJ_TIBS.PE
Update #2: Added W32.Mixor.Q@mm hyperlink and information about Trojan.Galapoper.A
Update 31st Dec: New variants are out and the AV coverage is remarkably poor. The new variants use several different subject lines and the attachments Greeting Card.exe or Greeting Postcard.exe.
3rd Jan ’07: Added information about Win32/Luder.I
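
A mail-gateway style check for the traits described above, as an added example that is not part of the original post or any vendor's code. It shows why keying on the executable attachment holds up after the 31st Dec variants changed the subject line. The function names, the extension list and the example.com addresses are assumptions; the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Attachment names reported on this page (first wave and the 31st Dec variants).
KNOWN_NAMES = {"postcard.exe", "greeting card.exe", "greeting postcard.exe"}
# Assumption: extensions this hypothetical gateway treats as executable.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")


def assess(raw_bytes):
    """Return (verdict, reasons) for one raw message given as bytes."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    names = [(p.get_filename() or "").strip().lower() for p in msg.walk()]
    exe_names = [n for n in names if n.endswith(EXECUTABLE_EXTS)]
    body = msg.get_body(preferencelist=("plain", "html"))
    body_empty = body is None or not body.get_content().strip()

    reasons = []
    if exe_names:
        reasons.append("executable attachment")
    if any(n in KNOWN_NAMES for n in exe_names):
        reasons.append("attachment name from this campaign")
    if exe_names and body_empty:
        reasons.append("no message body")
    # Weak signal only: later variants changed the subject line.
    if (msg["Subject"] or "").strip().lower() == "happy new year!":
        reasons.append("campaign subject")
    # The verdict depends on the attachment type, never on the subject alone.
    return ("block" if exe_names else "pass"), reasons


def build_sample(subject, body, attachment_name):
    """Build a constructed test message; the attachment bytes are inert."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    if body:
        msg.set_content(body)
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    for sample in (build_sample("Happy New Year!", "", "postcard.exe"),
                   build_sample("Best wishes", "", "Greeting Card.exe"),
                   build_sample("Happy New Year!", "See you soon.", "party.jpg")):
        print(assess(sample))
```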