NEWS FROM THE LAB - Tuesday, December 25, 2007

Happy2008.exe Posted by Mikko @ 18:30 GMT

Storm action continues.

They were late for Christmas but early for the New Year: We're already seeing New Year greeting card spam runs directing recipients to a malicious web site called uhavepostcard.com.


Right now there are no exploits on the site, but it tries to download a copy of Happy2008.exe to the user. Which is something you don't want.

Update 1: On the 26th we started seeing a new domain: happycards2008.com. The filename has morphed as well, to

Update 2: Still the 26th and the new domain newyearcards2008.com is being used. Filename right now is