
Virus or hoax


misfish


This was checked with Norton Anti-Virus, and they are gearing up for this virus!

 

Also checked Snopes (URL above:), and it is for real!!

 

Get this E-mail message sent around to your contacts ASAP.

 

PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS!

 

You should be alert during the next few days. Do not open any message with an attachment entitled 'POSTCARD FROM HALLMARK,' regardless of who sent it to you. It is a virus which opens A POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer. This virus will be received from someone who has your e-mail address in his/her contact list.

This is the reason why you need to send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it.

 

If you receive a mail called 'POSTCARD,' even though sent to you by a friend, do not open it! Shut down your computer immediately.

 

This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus.

This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.

 

COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS. REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US

 

Snopes lists all the names it could come in.

SNOPES verifies this

 

http://www.snopes.com/computer/virus/postcard.asp


This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus.

 

I got an e-mail about this a month or so ago. I suspect it is under control by now. But I could be wrong. The Risk Assessment for this virus is low. Thanks for the heads up, Brian.


Real.

 

Overview -

 

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics -

 

As with many other DDoS trojans, Storm has two main parts: a server that runs on compromised systems and a client, from which the hacker controls the DDoS attack. Different variants of this threat exist, which may show slightly different behaviours.

The server part, when executed, goes resident and opens a listening port (TCP 41337). When it receives a command from the client part, it initiates a DoS attack targeting a specific host. It sends loads of invalid IP fragments with the intent of eating up the victim server's resources.

Some variants let the victim know they are running, some don't.

Symptoms -

 

Presence of the following files:

 

* [various] 298496 server variant

* c:\windows\wkernel.exe 174080 server variant

* [various] 177152 server variant

* [various] 22528 client variant

* [various] 49664 client variant

 

Some variants let the victim know they are running, some don't and hook themselves into the registry.

Method of Infection


"Although the Postcard virus is real, it isn't a "BIG VIRUS COMING" (it's already been around in multiple forms for a long time now), it will not "burn the whole hard disc" of your computer, CNN didn't classify it as the "worst virus" ever, and it doesn't arrive in the message bearing a subject line of 'Invitation.'"

 

The above is quoted from the Snopes link.......

 

Brian, you should be fine if you are following wise web protocol.

 

Cheers


A lot of these are intended more as a "social virus" in which people do a mass emailing of the information, as above, to everyone they know. It then creates havoc on mail servers and email accounts, trying to send and receive these messages.

 

I'm sure you're okay, and if you get the old message to see if you have a "teddy bear" icon within your Windows directory, that is a virus, delete the message, not the icon. It's a Windows file and another email meant to cause panic. <_<

 

Being in the computer field, it's great to read people asking on a public forum, rather than receiving it 50 times in an email and it shutting down our mail servers. :clapping:

 

Cheers,

 

Paul


I searched the McAfee site for this one and this is what I found:

 

Virus Profile: W32/Zhelatin.gen!eml

Risk Assessment

- Home Users: Low

- Corporate Users: Low

Date Discovered: 7/4/2007

Date Added: 7/4/2007

Origin: N/A

Length: varies

Type: Virus

SubType: Generic

DAT Required: 5067

 

Virus Characteristics

Update August 22, 2007

 

This threat is updated on a daily basis. For the latest on the tactics used by this virus family, please check the Avert Blog.

 

 

 

--------------------------------------------------------------------------------

 

This is a detection of spammed email messages used to entice users into visiting sites hosting exploits that would result in a drive-by download. This is the first part in a three-stage infection of W32/Nuwar@MM. The JavaScript used in the second stage of infection is detected as JS/Downloader-BCZ.

 

A user receives an email titled “You’re received a postcard” in his inbox and is requested to open the link contained in the message body in order to view the virtual postcard. On visiting the link, a cocktail of browser and application exploits that attempts a drive-by install of malware on the user's machine is performed.

 

A copy of the spammed message is as follows:

 

 

 

 

 

Note: The link in the message has been sanitized to protect users from guessing.

 

 

Indications of Infection

Presence of the W32/Zhelatin.gen!eml detection is not an indication that a system has become actively infected. The from address is spoofed when sending infectious email messages and therefore, it can not be assumed that the from user address is any indication of which user may actually be infected.

 

The following list of subject lines have been observed in the wild:

 

You’ve received a greeting card from a admirer!

You’ve received a greeting card from a class mate!

You’ve received a greeting card from a class-mate!

You’ve received a greeting card from a colleague!

You’ve received a greeting card from a family member!

You’ve received a greeting card from a friend!

You’ve received a greeting card from a mate!

You’ve received a greeting card from a neighbor!

You’ve received a greeting card from a neighbour!

You’ve received a greeting card from a partner!

You’ve received a greeting card from a school friend!

You’ve received a greeting card from a school mate!

You’ve received a greeting card from a school-mate!

You’ve received a greeting card from a worshipper!

You’ve received a greeting ecard from a admirer!

You’ve received a greeting ecard from a class mate!

You’ve received a greeting ecard from a class-mate!

You’ve received a greeting ecard from a colleague!

You’ve received a greeting ecard from a family member!

You’ve received a greeting ecard from a friend!

You’ve received a greeting ecard from a mate!

You’ve received a greeting ecard from a neighbor!

You’ve received a greeting ecard from a neighbour!

You’ve received a greeting ecard from a partner!

You’ve received a greeting ecard from a school friend!

You’ve received a greeting ecard from a school mate!

You’ve received a greeting ecard from a school-mate!

You’ve received a greeting ecard from a worshipper!

You’ve received a greeting postcard from a admirer!

You’ve received a greeting postcard from a class mate!

You’ve received a greeting postcard from a class-mate!

You’ve received a greeting postcard from a colleague!

You’ve received a greeting postcard from a family member!

You’ve received a greeting postcard from a friend!

You’ve received a greeting postcard from a mate!

You’ve received a greeting postcard from a neighbor!

You’ve received a greeting postcard from a neighbour!

You’ve received a greeting postcard from a partner!

You’ve received a greeting postcard from a school friend!

You’ve received a greeting postcard from a school mate!

You’ve received a greeting postcard from a school-mate!

You’ve received a greeting postcard from a worshipper!

You’ve received a postcard from a admirer!

You’ve received a postcard from a class mate!

You’ve received a postcard from a class-mate!

You’ve received a postcard from a colleague!

You’ve received a postcard from a family member!

You’ve received a postcard from a friend!

You’ve received a postcard from a mate!

You’ve received a postcard from a neighbor!

You’ve received a postcard from a neighbour!

You’ve received a postcard from a partner!

You’ve received a postcard from a school friend!

You’ve received a postcard from a school mate!

You’ve received a postcard from a school-mate!

You’ve received a postcard from a worshipper!

You’ve received an ecard from a admirer!

You’ve received an ecard from a class mate!

You’ve received an ecard from a class-mate!

You’ve received an ecard from a colleague!

You’ve received an ecard from a family member!

You’ve received an ecard from a friend!

You’ve received an ecard from a mate!

You’ve received an ecard from a neighbor!

You’ve received an ecard from a neighbour!

You’ve received an ecard from a partner!

You’ve received an ecard from a school friend!

You’ve received an ecard from a school mate!

You’ve received an ecard from a school-mate!

You’ve received an ecard from a worshipper!

 

Customers should simply delete all email messages identified as W32/Zhelatin.gen!eml.

 

Method of Infection

The URL in the message points to a site hosting a cocktail of browser and application exploits. On visiting the site, a silent drive-by install of malware is attempted on unpatched machines.

 

 

 

Removal Instructions

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Keep your virus software up to date at all times

Leechman
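Added example, not part of the thread or of McAfee's profile: a mail-triage check that flags the subject family listed in the post above, decoding RFC 2047 encoded subjects, folded headers and curly apostrophes first. The function names, the sample messages and the example.com addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Card types and sender words are the ones in the subject list quoted above.
CARD = r"(?:greeting\s+(?:card|ecard|postcard)|postcard|ecard)"
SENDER = (r"(?:admirer|class[\s-]mate|colleague|family\s+member|friend|mate|"
          r"neighbou?r|partner|school\s+friend|school[\s-]mate|worshipper)")
LURE_RE = re.compile(
    rf"you've\s+received\s+an?\s+{CARD}\s+from\s+an?\s+{SENDER}!",
    re.IGNORECASE)


def decoded_subject(raw_message: str) -> str:
    """Return the Subject with encoded words decoded and whitespace folded."""
    raw = message_from_string(raw_message).get("Subject", "")
    text = str(make_header(decode_header(raw)))
    # Mail clients emit both the typewriter and the curly apostrophe.
    text = text.translate({0x2018: "'", 0x2019: "'"})
    return " ".join(text.split())


def is_postcard_lure(raw_message: str) -> bool:
    # Only the Subject is tested: the profile states the From address is
    # spoofed, so it says nothing about who is actually infected.
    return LURE_RE.fullmatch(decoded_subject(raw_message)) is not None


def triage(samples: dict) -> dict:
    """Map each sample name to True when its subject matches the family."""
    return {name: is_postcard_lure(msg) for name, msg in samples.items()}


# Constructed sample messages (not captured mail).
SAMPLES = {
    "plain": "From: friend@example.com\n"
             "Subject: You've received a postcard from a neighbour!\n\nbody\n",
    "encoded": "From: friend@example.com\n"
               "Subject: =?UTF-8?Q?You=E2=80=99ve_received_a_greeting_ecard"
               "_from_a_class-mate!?=\n\nbody\n",
    "folded": "From: friend@example.com\n"
              "Subject: You've received a greeting card\n"
              " from a family member!\n\nbody\n",
    # Title named in the forwarded chain letter, absent from the vendor list.
    "chain_letter_title": "From: friend@example.com\n"
                          "Subject: POSTCARD FROM HALLMARK\n\nbody\n",
}

if __name__ == "__main__":
    for name, hit in triage(SAMPLES).items():
        print(f"{name}: {'flag' if hit else 'pass'}")
```

The title from the forwarded warning does not match, which illustrates why the vendor's observed subject list, not the chain letter, is the usable indicator.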
