Blog dedicated to Oracle Applications (E-Business Suite) Technology; covers Apps Architecture, Administration and third party bolt-ons to Apps

Friday, January 2, 2009

Happy 2009 from noodles@ma2.seikyou.ne.jp

Today, I got a lot of mails with the subject: Happy 2009 from noodles@ma2.seikyou.ne.jp with this text:

From: Maria [mailto:noodles@ma2.seikyou.ne.jp]
Sent: Thu 1/3/2002 12:53 PM
To: @STRGP3
Subject: Happy 2009!

Maria sent you a New Year postcard.
Collect it here: http://youryearcard.com/?cardnum=d06657452eb0162e3
Best Wishes, Christmas-Egreetings

Clearly it was spam, as the card downloads an executable, which is a virus.

Here's more information about the virus, from http://safeweb.norton.com/report/show?name=youryearcard.com:

Hard to Uninstall

Threats found: 3
Here is a complete list:
Threat Name: Hard to Uninstall
Signature (MD5): ccddda141a19d693ad9cb206f2ae0de9
Location: http://youryearcard.com/postcard.exe


Threat Name: Hard to Uninstall
Signature (MD5): ccddda141a19d693ad9cb206f2ae0de9
Location: http://itsfatherchristmas.com/postcard.exe


Threat Name: Hard to Uninstall
Signature (MD5): 044317a6e6a482e5d491d2cac932d3fd
Location: http://superyearcard.com/postcard.exe



Threats found: 2
Here is a complete list:
Threat Name: 4336
File name: /apps/Symantec/shasta/analysis/cache/cache_25/postcard.exe
Signature (MD5): ccddda141a19d693ad9cb206f2ae0de9
Location: http://itsfatherchristmas.com/postcard.exe


Threat Name: 4336
File name: /apps/Symantec/shasta/analysis/cache/cache_4/postcard.exe
Signature (MD5): 044317a6e6a482e5d491d2cac932d3fd
Location: http://superyearcard.com/postcard.exe

2 comments:

Salabasama said...

Say I happened to have been a bit naive and did happen to try to collect the Ecard. Immediately after realizing what I had just done, I disconnected from the internet, terminated the process, and deleted the exe. But, have I done enough? Am I doomed to assist this foul harvest of email addresses?

Vikram Das said...

Hi Odul,

I recommend a virus scan with the latest updates. Here's more news about this:

http://vil.nai.com/vil/content/v_153670.htm

http://garwarner.blogspot.com/

- Vikram