Independence Day Postcard Scam

Further to reports on our blogs recently, another variant of the Postcard Trojan scam appears to be doing the rounds this Independence Day - except that this time, the payload appears to be a Storm worm variant.

This is a simple (some would say dumb) scam - a variant of an old email scam that first appeared in the late nineties. Potential victims are sent an email that says "A friend has sent you a postcard". In the email is a link that connects to a file disguised as a flash movie, shockwave plug-in, or similar innocuous download.

Authentium says: If you receive an email claiming to be an e-postcard or greeting card from a friend or family member, do not click on any links in the email unless you are 100% sure of the source, the sender, and the recency of your antivirus definition files.

If you *must* click on the link, update your antivirus software first and think twice about clicking on anything with the following subject lines (this list courtesy of SANS), or an Independence Day theme:

Celebrate Your Independence
Independence Day At The Park
Fourth of July Party
American Pride, On The 4th
God Bless America
Happy B-Day USA
July 4th Family Day
Your Nations Birthday
July 4th B-B-Q Party
Happy 4th July
4th Of July Celebration
Fireworks on the 4th
Happy Birthday America
Independence Day Celebration
Celebrate Your Nation
Americas B-Day
America's 231 Birthday
July 4th Fireworks Show (new)
America the Beautiful (new)
Independence Day Party (new)
America the beautiful (new)
4th Of July Celebration (new)
God Bless America (new)