Postcard Storm Wave

August 15, 2008

Aug 6, 2008

A new wave of e-mails was discovered with the following subjects:

  • You Have An Ecard
  • A card for you
  • Someone sent you an Ecard.
  • Your Digital Greeting Card is waiting

They point to the following domains:

Here are a few examples of such e-mails:

screenshot

The e-mail contains a fake message claiming that your neighbor or flatmate has sent you a greeting card, along with a link. If the user clicks on the link, it opens a page that prompts the user to download the file postcard.exe, which is the new variant of the Storm worm.

SonicWALL detects this new wave with the following signature:

GAV: Zhelatin.ZN_13 (Worm)