Spam and fake postcard downloading Trojan

Postcards are perfect bait for infecting users. Recently I mentioned a couple of interesting cases: a fake card with a supposed voice message, and another more elaborate one that included a fake Gusanito site.

The following mail appears to be sent by postal.com; however, it is a fake postcard sent by attackers as spam:

Fake email with malicious link

Clicking on the links starts the trojan download. The file appears to be a video in .wma format, but it is actually an executable file: CartaVirtual.wma.exe

VirusTotal 23/42
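A mail gateway or web proxy can flag the double-extension disguise used by CartaVirtual.wma.exe before the user ever sees the file. The following Python check is an added example, not code from the original post; the extension lists, function names and sample URLs are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Extensions Windows will execute (constructed, non-exhaustive list).
EXECUTABLE = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs", "lnk"}
# Harmless-looking types typically used as the decoy (constructed list).
DECOY = {"wma", "wmv", "mp3", "avi", "jpg", "gif", "png", "pdf", "doc", "txt"}

# Constructed sample links; example.test is a reserved, non-routable domain.
SAMPLE_LINKS = [
    "http://example.test/postal/CartaVirtual.wma.exe?id=1",
    "http://example.test/postal/CartaVirtual.wma%2Eexe",
    "http://example.test/media/holiday.wma",
    "http://example.test/tools/setup.exe",
]


def filename_from_url(url):
    """Return the percent-decoded last path segment of a download URL."""
    path = unquote(urlsplit(url).path)
    # Treat backslashes as separators too, as Windows would.
    return posixpath.basename(path.replace("\\", "/"))


def masquerade_reason(name):
    """Return a reason string if an executable hides behind a decoy
    extension, otherwise None."""
    # Windows drops trailing dots and spaces, so "a.wma.exe. " still runs.
    cleaned = name.strip().rstrip(". ").lower()
    # Padding spaces before the real extension push it out of view.
    parts = [p.strip() for p in cleaned.split(".")]
    if len(parts) < 3:
        return None
    real, decoy = parts[-1], parts[-2]
    if real in EXECUTABLE and decoy in DECOY:
        return f"shown as .{decoy}, runs as .{real}"
    return None


def scan(urls):
    """Map each suspicious URL to the reason it was flagged."""
    return {u: r for u in urls if (r := masquerade_reason(filename_from_url(u)))}


if __name__ == "__main__":
    for url, reason in scan(SAMPLE_LINKS).items():
        print(f"BLOCK {url} ({reason})")
```

A plain `setup.exe` is deliberately not flagged here: this check targets only the disguise, and blocking executables outright is a separate policy decision.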

As we can see, although the message seems legitimate, detecting the deception is quite simple. In addition, there is an important detail that must always be taken into account with this kind of email: the postcard is anonymous, the name of the person sending it does not appear… that is reason enough to be suspicious.

Also, even if the postcard seems to be sent by a friend, you must watch out, because there is a possibility of impersonation (it is a very simple thing to do).

Beware of postcards!

I was browsing the postal.com site and noticed that they do not have a security section or advice explaining how received postcards should be treated; it would be good if one were included, as other similar services have.

To test it, I sent a postcard to myself, and the email I received was the following:

Real mail sent by the postal service

I invented a name and an email as if it were sent to me by a secret love :P. As you can see, it is a fairly easy message to impersonate, and including a link to access the postcard does not help the safety of users.

These types of details are used by spammers to include false links, such as the one in the first image of the post. Many large companies and services do the same, including ultra-well-known banks and financial institutions like PayPal.

Thanks Sergio for the delivery.