Thursday, February 14, 2008

Virus Warning

Thanks to Teresa Ramsey.

Subject: FW: Please read: Virus warning

I checked this one out and it's worse than what this even says. Go to and look in the left panel for the "postcard" choice. Only open postcard messages from people you know!!!

Virus warning

I checked with Norton Anti-Virus, and they are gearing up for this virus!

I checked, and it is for real!!

Get this E-mail message sent around to your contacts ASAP.

Virus: You've Received a Postcard from a Family Member!

Status: Real virus.

Examples: [Collected via e-mail, June 2007]

Subject: You've received a postcard from a family member!
Good day. Your family member has sent you an ecard from xxx

Send free ecards from xxx with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print. To view your ecard, choose from any of the following options:

Click on the following Internet address or copy & paste it into your browser's address box.
Copy & paste the ecard number in the "View Your Card" box at xxx
Your ecard number is 6e47840d8e117868911e6c3
Best wishes,

*If you would like to send someone an ecard, you can do so at xxx

Variations: Other subject lines used with this message include the following:

  • You've recieved a Hallmark E-Card!

  • You've received a greeting card from a school-mate!

  • You've received a greeting ecard from a class mate!

  • You've received a greeting ecard from a neighbour!

  • You've received a greeting postcard from a partner!

  • You've received a greeting postcard from a worshipper!

  • You've received a postcard from a family member!

  • You've received a postcard from a neighbour!

  • You've received a postcard from a worshipper!

  • You've received an ecard from a colleague!

  • Class-mate sent you an ecard from!

  • Colleague sent you a greeting ecard from!

  • School mate sent you a greeting ecard from!

  • Family member sent you a postcard from!

  • Neighbour sent you a greeting ecard from!

  • School-mate sent you an ecard from!

  • Worshipper sent you an ecard from!

  • Colleague sent you a postcard from!

  • Neighbour sent you a greeting ecard from!

  • School friend sent you an ecard from!

  • Holiday e-card

  • Movie-quality e-card

  • Love postcard

  • Birthday e-card

  • Thank you card

  • Musical postcard

  • Funny postcard

Origins: Many web sites offer a service that allows a user to send a customized "greeting card" (or "postcard") to a relative, friend, or acquaintance, delivered as an e-mail message containing a hyperlink which the recipient follows to visit the originating site and view the card. Sending out phony e-card notifications is therefore an effective method of camouflaging viruses and inducing unwitting recipients into clicking on links that install malicious programs onto their computers.

A wave of malicious messages (like the one reproduced above) sent out in June 2007 employed that very technique, arriving in inboxes bearing subject lines such as "You've received a postcard from a family member!" The messages contain URLs that recipients are supposed to visit to retrieve their e-cards, but those URLs actually point to servers hosting a variety of malware (including a variant of the Storm Trojan, "an aggressive piece of malware that has been hijacking computers to serve as attacker bots" since early 2007) that is furtively installed onto victims' PCs. (Generally, only unpatched Windows-based systems are vulnerable.)

The underlying worm is the same one that has appeared in messages with subject lines such as "Sending You All My Love," the "Laughing Kitty," the "Dancing Skeleton," as well as several game and music download offers.

The Storm network is large enough to cut off internet access from any institution its operators choose to attack via a "distributed denial of service attack," in which hundreds or thousands of computers request files from a server simultaneously. The entire country of Estonia was brought down that way last year. The network is actually available for rent for anyone who wishes to use it to send spam, host illegal websites, or stage denial of service attacks.

Storm is a serious threat for several reasons. It communicates "peer-to-peer" instead of via a "command and control" network. For that reason, you can't just disable a few computers that are feeding instructions to the others. The virus download is encrypted, so it is difficult for antivirus programs to recognize, and infected computers are updated by the peer network on a daily basis to keep antivirus programs from recognizing it once they are updated to recognize previous editions of the virus. The number of infections worldwide is massive, and a quarter of them are on major networks in the US like SBC, Comcast, and Roadrunner. That means that a bank or other business under denial of service attack can't simply block all traffic from certain segments of the internet, because it would be blocking its own users that are sharing those same internet addresses with Storm-infected computers as they log in and out of the internet. It is believed that Storm's operators are located in St. Petersburg, Russia, are known to the Russian government, and enjoy its protection.

Since antivirus programs will not protect your computer, the most important thing is for people to be extremely suspicious about where they go and what they click on. Never click on any link in an email from someone you don't know. Never click on a link in an advertisement on the internet — if you want to visit that site, look up the address yourself.

Since many of these malicious messages imitate notifications from legitimate e-card sites, recipients should get into the habit of never clicking on links contained within e-card notification e-mails. Instead, go directly to the web site of the card company, find the card pickup page within that site, and enter the ID code included in the e-mail. (If the message was a fake, the worst that will happen is that you won't get a card.)

NOTE:   Readers should take particular care not to confuse the real postcard/greeting card virus with the "Virtual Card for You" hoax that has been circulating for several years. Some of the "Postcard" warnings contribute to this confusion by including within them a link to our article about the "Virtual Card for You" hoax. They're not the same thing, despite some e-mail warnings that erroneously present them as such.
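For mail administrators, the subject-line variations and the "never click the link, enter the ID on the card site yourself" advice above can be turned into a simple triage rule. The following is an added example, not part of the original warning: it generalizes the listed subjects into patterns, then reports the links a filter should defang and the card ID the recipient can still use. The function names, the returned fields and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string

# Word classes taken from the subject-line variations listed in this warning.
RELATION = (r"(?:family member|class[- ]?mate|school[- ]?mate|school friend"
            r"|colleague|neighbou?r|partner|worshipper)")
CARD = r"(?:greeting )?(?:e-?card|postcard|card)"
LURE_SUBJECTS = [re.compile(p, re.I) for p in (
    rf"^you've rec(?:ei|ie)ved an? {CARD} from a {RELATION}!?$",
    rf"^{RELATION} sent you an? {CARD} from\b",
    r"^you've rec(?:ei|ie)ved a hallmark e-?card!?$",
    r"^(?:holiday|movie-quality|love|birthday|musical|funny) (?:e-?card|postcard)$",
    r"^thank you card$",
)]
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
CARD_ID = re.compile(r"ecard number is\s+([0-9a-z]+)", re.I)

def body_text(msg):
    """Concatenate all text parts, decoding the transfer encoding."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.is_multipart():
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw):
    """Flag e-card notifications and list the links a filter should defang."""
    msg = message_from_string(raw)
    # Normalize curly apostrophes and whitespace before matching.
    subject = " ".join(str(msg["Subject"] or "").replace("\u2019", "'").split())
    body = body_text(msg)
    lure = any(p.search(subject) for p in LURE_SUBJECTS)
    card_id = CARD_ID.search(body)
    return {"lure_subject": lure,
            "links": URL.findall(body) if lure else [],
            "card_id": card_id.group(1) if (lure and card_id) else None}

# Constructed sample messages (not real traffic); hosts use the reserved .invalid TLD.
SAMPLES = [
    "From: a@example.invalid\nSubject: You've received a postcard from a family member!\n\n"
    "To view your ecard click http://cards.example.invalid/view?id=1\n"
    "Your ecard number is 0123abcd\n",
    "From: b@example.invalid\nSubject: School mate sent you a greeting ecard from!\n\n"
    "Open http://greetings.example.invalid/ to view.\n",
    "From: c@example.invalid\nSubject: Quarterly report attached\n\n"
    "See http://intranet.example.invalid/report\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```

The patterns also match notifications from legitimate card sites, which is intended here: the rule only removes the clickable link and leaves the card ID for manual pickup.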
