Tony;
This threat is failry old now, but is still making the rounds, presumably for the upcoming holiday season. You can learn more about the Aunt Edna virus here: http://www.dynamoo.com/diary/postcards-org.htm
Here is an excerpt from that website:
"The mail uses a trick similar to many phishing emails, in that the displayed link of http://www.postcards.org/?35-dodge-treads-aunt is actually is disguised link to another server or PC, possibly belonging to an innocent third party. However, the page consists of several exploits that affects Internet Explorer, during tests our anti-virus software stopped this. Mozilla/Firefox will also load the exploit code, although it is not know if those browsers are vulnerable. This appears to download a variant of the CoolWebSearch trojan, which is a particulary unpleasant application. In this case the IP address of the server is 4.40.128.96, port 8180 and the target directory is called /009/ (I deliberately haven't made this a simple URL as it is still valid at the time of publication). In this case the email originated from 83.25.234.72 in Poland."
Anybody receiving a notice of a Postcard waiting at a website hosted in .ro or .ru should not click on the link to the website. It carries exploit code that will plant a maliscious downloader on your computer.
------------------
Bobby D. Hunter
Security for SGF
Hunting down Slimeball Game
Reporting member of SpamCop
[This message was edited by Bobby D. Hunter on 22 October 2005 at 12:50 PM.]
