Recently, several customers have expressed concern about a circulating e-greeting card that behaves much like a computer virus. MessageLabs, an anti-virus research company, revealed that these self-promoting spam/ad/virus combination e-cards are being sent by Cool-Downloads.com, which is registered in Panama.
The following story has been taken from www.msnbc.com. If you would like to read the article in its entirety, visit http://www.msnbc.com/news/826033.asp . Symantec’s website also has posted an informational article on “Friendgreeting.”
Wormlike E-Card Still Spreading
Net users continue to complain about a greeting card which is making the rounds that behaves much like a computer virus.
It’s part spam, part advertisement, part computer virus, part e-greeting card – but a complete nuisance. Anti-virus providers are hearing from their customers about a suspicious e-mail that purports to be a harmless electronic greeting card. But trying to pick up the card has severe consequences: a copy of this e-card e-mail is sent to everyone in the recipient’s Outlook e-mail address book, similar to the worm-like behavior of the Melissa virus or the LoveBug.
The “Friendgreeting” e-card is not spreading as quickly as a fast-running computer virus, but it’s clearly hitting Internet users, and several have complained to MSNBC.com. Symantec Corp. now says the e-cards’ distribution rate is “high.”
Viewing this new kind of e-card, which requires installation of spam-generating software, means you are likely to pester friends, family, and co-workers with e-mail and inadvertently send them advertisements for Permission Media Inc., the firm that’s apparently behind the effort.
The e-card arrives with a harmless-sounding, personalized subject line: “(Recipient) you have an e-card from (sender).” The message includes another personalized greeting “(Recipient) I sent you a greeting card. Please pick it up.”
In its original form, the e-mail address includes a simple link to Friendgreetings.com; now, a newer version points to Cool-Downloads.com or Cool-Downloads.net. The domain is registered to Permissioned Media Inc., which lists Panama City, Panama as its address. The phone number included in the registration doesn’t work. Cool-Downloads.com shares the same registration information.
Both might sound to an unwitting Internet user like a normal electronic greeting card site. But users who click on the link and agree to install the e-card software find their computer is hijacked and used to send out similar greeting card e-mails to everyone in the recipient’s Outlook address book.
Is It a Virus?
Anti-virus firms aren’t quite sure what to call the program, or what to do about it. Users who try to view the greeting card are warned that they must install new software and told in small print of the End User License Agreement that the program will access the installer’s e-mail address book. As a result, some firms have decided not to treat the program like a virus. Sophos, for example, issued a warning Thursday, but decided not to disable the program with its anti-virus software. Symantec Corp., on the other hand, has decided t o include the program in its virus definition files and prevents it from running.
Some apparently agree with the idea that Net users should be responsible for reading End User Licensing Agreements.
“I’m not sure why you would label this ‘a very underhanded marketing practice’ when the EULA clearly states what they will do and the user had to agree twice in order for it to work. Seems to me to be very upfront and above board,” wrote Paul Schmehl, a virus expert at the University of Texas at Dallas. “It simply takes advantage of the tendency of many people not to read contracts before they agree to them, but you couldn’t argue that you were not clearly informed.”
The Deeper Problem of Spam Marketing
Either way, the program’s tactics are clearly sneaky, and show a disturbing trend of spammers’ unwillingness to deploy tactics long used by virus writers. David Perry, Symantec spokesperson said his company is regularly receiving reports from users who are complaining that their computer has been used to send unsolicited e-mail advertisements.
Another controversial self-promoting program, called Cytron, was advertised through a set of spam mails recently that also purported to offer an electronic greeting card. Net users who try to view that e-card are secretly induced to install a program called “Cytron,” which later pushes pop-up pornography ads at the user. Anitvirus firms have had similar debates deciding whether or not to prevent Cytron from running.
In other cases, spammers have just faked return addresses, a technique known as spoofing. But it can be an alarming experience for an Internet user to receive a complaint from a stranger who has received pornography spam from their e-mail address.
“It’s very distressing,” Perry said. “Reputation loss is becoming a bigger issue than data loss. If I lose my document, I can restore it. But if something goes off my machine and people think I am advertising porn, then my reputation is getting damaged, and my reputation is far more valuable.”
