Trojans Masquerade as Postcard

It's always nice to receive email greetings from friends and family. Unfortunately, would-be attackers often send email disguised as an online postcard as well. These booby-trapped postcards frequently install a downloader Trojan to the recipient's computer, then follow-up by leveraging that Trojan to download additional malware.

In the past several days, attackers are using the ruse to download the Zapchast backdoor Trojan, which in turn installs a virus that infects portable executable (PE EXE) files. PE EXE files are program files that can run independently of any other files. The Windows Notepad and Calculator are examples of PE EXE files, as are screensaver (.SCR) files. Depending on the antivirus software used, the Trojan and/or virus may be identified as Win32/Jeefo, IRC/BackDoor.Flood, Trojan.Zapchas.F, Trojan.IRCBot-93, Win32.HLLP.Jeefo.36352, BAT.Zapchast.s, Win32.Hidrag.a, Backdoor.IRC.Zapchast, IRC/Flood.ev, Trojan:IRC/WinBot or Trojan.IRC.Cloner.AU#1.

Following is an example of a recently seeded mailing of Zapchast:

To avoid being victimized, don't click links in email received unexpectedly and never open any attachments received unexpectedly. These rules apply even if you think you know the sender. Miscreant email quite often spoofs the From address, making it appear to be sent from someone you know. If you do receive a postcard or attachment from someone you know, take a moment to call or email the person to be sure they actually sent it. Don't just reply to the email - instead, compose a new email and either type in their address or use an existing entry in your address book.