Postcard—Click here for more... fun?

Usually viruses come attached to the email itself, and they are easy to detect (for people such as me at least...) from lines such as: Open the attached document, that's URGENT, sent by someone you have never heard of.

With this one, of course, I had never heard of the sender either, but the difference is that the "hacker" asks you to click on a link which will download an executable (for Windows, again; it won't work on my Linux box. Do you have a Linux box too? That's already 99% protection against these attacks!)

Not too sure whether this was effective, but some people would most certainly fall for it. Note that I do not know whether it was a simple virus or a complex one installing 100 spyware programs on your computer in 10 minutes... Be careful, that's the usual drill nowadays.

I removed the link from the word "here" in the message below. It looked something like this:

http://<some IP address>/~camelot/postcard.gif.exe

If you look closely you can see "two extensions". In reality the computer only sees the last one: .exe, an executable for MS-Windows.
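
Both the "two extensions" disguise and the raw IP address in the link can be checked mechanically before anyone clicks. The Python below is an added example, not part of the original post: the function name check_link, the two extension lists and the sample URLs are assumptions made for the illustration (192.0.2.10 is a documentation address standing in for the removed IP).

```python
import ipaddress
import posixpath
from urllib.parse import urlsplit, unquote

# Extensions Windows runs directly, and "decoy" extensions used to look harmless.
# Both sets are illustrative assumptions, not a complete list.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".pdf", ".doc", ".txt"}


def check_link(url):
    """Return a list of findings for one URL taken from a message body."""
    findings = []
    parts = urlsplit(url)

    # Host written as a raw IP address instead of a name
    # (what the NORMAL_HTTP_TO_IP rule in the spam report scored).
    try:
        ipaddress.ip_address(parts.hostname or "")
        findings.append("ip-literal-host")
    except ValueError:
        pass

    # Only the final extension decides how Windows treats the file.
    filename = posixpath.basename(unquote(parts.path)).lower()
    stem, real_ext = posixpath.splitext(filename)
    if real_ext in EXECUTABLE_EXTS:
        findings.append("executable-download")
        # An extra harmless-looking extension before the real one is a disguise.
        if posixpath.splitext(stem)[1] in DECOY_EXTS:
            findings.append("double-extension")
    return findings


# Constructed samples: 192.0.2.10 is a documentation address standing in for
# the IP address removed from the original link.
SAMPLES = [
    "http://192.0.2.10/~camelot/postcard.gif.exe",
    "http://www.example.com/cards/postcard.gif",
    "http://www.example.com/setup.exe",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_link(url) or "no findings")
```

A link of the shape shown above trips all three checks, while a real .gif on a named host trips none.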


From cards Sat Aug 12 16:47:43 2006
X-Apparently-To: alexis_wilke@yahoo.com via 206.190.39.161; Sat, 12 Aug 2006 16:47:48 -0700
X-Originating-IP: [66.35.250.206]
Return-Path:	<olegas@zorvidas.lt>
Authentication-Results:	mta174.mail.mud.yahoo.com from=yahoo.com; domainkeys=neutral (no sig)
Received:	from 66.35.250.206 (EHLO mail.sourceforge.net) (66.35.250.206)
		by mta174.mail.mud.yahoo.com with SMTP; Sat, 12 Aug 2006 16:47:47 -0700
Received:	from auste.elnet.lt ([193.219.5.7]) by mail.sourceforge.net
		with esmtp (Exim 4.44) id 1GC3Ck-0007DZ-OD
		for alexis_wilke@users.sourceforge.net; Sat, 12 Aug 2006 16:47:47 -0700
Received:	from localhost (localhost [127.0.0.1])
		by auste.elnet.lt (Postfix) with ESMTP
		id 8AE7B590299 for <alexis_wilke@users.sourceforge.net>;
		Sun, 13 Aug 2006 02:44:24 +0300 (EEST)
X-Virus-Scanned: amavisd-new at elnet.lt
Received:	from auste.elnet.lt ([127.0.0.1])
		by localhost (auste.elnet.lt [127.0.0.1]) (amavisd-new, port 10024)
		with ESMTP id GHnLInr0-H2z for <alexis_wilke@users.sourceforge.net>;
		Sun, 13 Aug 2006 02:44:24 +0300 (EEST)
Received:	from mail.zorvidas.lt (mail.zorvidas.lt [193.219.5.116])
		by auste.elnet.lt (Postfix) with ESMTP
		id DDCAC5901CC for <alexis_wilke@users.sourceforge.net>;
		Sun, 13 Aug 2006 02:44:22 +0300 (EEST)
Received:	by mail.zorvidas.lt (Postfix, from userid 504) id E2AD92D1684;
		Sun, 13 Aug 2006 02:47:43 +0300 (EEST)
To:		alexis_wilke@users.sourceforge.net
Subject:	Your Animated PostCard
From:		Send an Instant Message "cards" <postcards@yahoo.com>
Content-Type:	text/html
Message-Id:	<20060812234743.E2AD92D1684@mail.zorvidas.lt>
Date:		Sun, 13 Aug 2006 02:47:43 +0300 (EEST)
X-Spam-Score:	4.9 (++++)
X-Spam-Report:	Spam Filtering performed by sourceforge.net.
		See http://spamassassin.org/tag/ for more details.
		Report problems to http://sf.net/tracker/?func=add&group_id=1&atid=200001
		2.2 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
		0.1 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
		0.1 HTML_40_50 BODY: Message is 40% to 50% HTML
		0.0 HTML_MESSAGE BODY: HTML included in message
		2.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
		0.5 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME headers
		0.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
Content-Length:	588

Hello
You have just received a postcard from www.yahoo.com .
If you'd like to see the rest of the message click here to receive your animated postcard!

===================
Thank you for using our  services !!!
Please take this opportunity to let your friends hear about
us by sending them a postcard from our collection !
==================