Anonymous postcards with not-so-happy tidings

Postcard Trojans

(Ignore the fact that the headline sounds mildly suggestive…)

I don’t think I’ve ever used one of these sites, although I am aware of them enough to know they’re yet another silly use of valuable time and effort… (bah, humbug, and all that). Of course, now I’ll be even less inclined to ever open one, so don’t bother sending them!

Seriously, though… as a suggestion: If you send someone a “virtual postcard” from a site that allows such things, please be sure to also send a plain old email from your normal address letting them know it was really you. Remember, the geek’s time you save recovering from that trojan could be your own!

We’re receiving more reports of email messages coming in posing as “postcard pickup” notifications that wind up delivering a trojan payload. One example we were forwarded is an email message claiming “You have just received a virtual postcard from a family member!” which apparently sends you to a “pickup” site that gives you an mIRC-based trojan. While it’s sad that we have to say this, the amount of cruft that’s being delivered via email continues to encourage us to take a “default deny” posture; without knowing the true source of an email, one has to be cautious on accepting just about everything these days.