496
Postcard—Click here for more... fun?
Usually viruses are included in your email and they are easy to detect (for people such as me at least...) with stuff such as: Open the attached document, that's URGENT, from someone you never ever heard of ever.
This one, of course, I never heard of the sender either, but the difference here is that the "hacker" is asking you to click on a link which will download an executable (for Windows, again, won't work under my Linux box, do you have a Linux box too? That's already 99% protection against these attacks!)
Not too sure whether this was effective, but some people would most certainly fall for it. Note that I do not know whether it was a simple virus or a complex one installing 100 spyware on your computer in 10 minutes... be careful, that's the usual drill now a days.
I removed the link on the here word below. It looked something like this:
http://<some IP address>/~camelot/postcard.gif.exe
If you look closely you can see "two extensions". Really the computer sees only one: .exe, an executable for MS-Windows.
From cards Sat Aug 12 16:47:43 2006 X-Apparently-To: alexis_wilke@yahoo.com via 206.190.39.161; Sat, 12 Aug 2006 16:47:48 -0700 X-Originating-IP: [66.35.250.206] Return-Path: <olegas@zorvidas.lt> Authentication-Results: mta174.mail.mud.yahoo.com from=yahoo.com; domainkeys=neutral (no sig) Received: from 66.35.250.206 (EHLO mail.sourceforge.net) (66.35.250.206) by mta174.mail.mud.yahoo.com with SMTP; Sat, 12 Aug 2006 16:47:47 -0700 Received: from auste.elnet.lt ([193.219.5.7]) by mail.sourceforge.net with esmtp (Exim 4.44) id 1GC3Ck-0007DZ-OD for alexis_wilke@users.sourceforge.net; Sat, 12 Aug 2006 16:47:47 -0700 Received: from localhost (localhost [127.0.0.1]) by auste.elnet.lt (Postfix) with ESMTP id 8AE7B590299 for <alexis_wilke@users.sourceforge.net>; Sun, 13 Aug 2006 02:44:24 +0300 (EEST) X-Virus-Scanned: amavisd-new at elnet.lt Received: from auste.elnet.lt ([127.0.0.1]) by localhost (auste.elnet.lt [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GHnLInr0-H2z for <alexis_wilke@users.sourceforge.net>; Sun, 13 Aug 2006 02:44:24 +0300 (EEST) Received: from mail.zorvidas.lt (mail.zorvidas.lt [193.219.5.116]) by auste.elnet.lt (Postfix) with ESMTP id DDCAC5901CC for <alexis_wilke@users.sourceforge.net>; Sun, 13 Aug 2006 02:44:22 +0300 (EEST) Received: by mail.zorvidas.lt (Postfix, from userid 504) id E2AD92D1684; Sun, 13 Aug 2006 02:47:43 +0300 (EEST) To: alexis_wilke@users.sourceforge.net Subject: Your Animated PostCard From: Send an Instant Message "cards" <postcards@yahoo.com> Content-Type: text/html Message-Id: <20060812234743.E2AD92D1684@mail.zorvidas.lt> Date: Sun, 13 Aug 2006 02:47:43 +0300 (EEST) X-Spam-Score: 4.9 (++++) X-Spam-Report: Spam Filtering performed by sourceforge.net. See http://spamassassin.org/tag/ for more details. Report problems to http://sf.net/tracker/?func=add&group_id=1&atid=200001 2.2 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers 0.1 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL 0.1 HTML_40_50 BODY: Message is 40% to 50% HTML 0.0 HTML_MESSAGE BODY: HTML included in message 2.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.5 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME headers 0.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag Content-Length: 588
Hello
You have just received a postcard from www.yahoo.com .
If you'd like to see the rest of the message click here to receive your animated postcard!
=================== Thank you for using our services !!! Please take this opportunity to let your friends hear about us by sending them a postcard from our collection ! ==================
