Not-So-Friendly Greeting Cards
You might want to think twice before opening that e-greeting card sent to you via e-mail. Cyber crooks have recently been blasting out millions of fake online greeting cards in the hope that recipients will click on the included links and infect their computers with password-stealing viruses.
Previous e-greeting card scams harbored their viral payload in an infected e-mail attachment, but fraudsters now are simply embedding links in the fake card messages. Anyone who clicks on such a link without the benefit of the most recent security updates for their Web browser is likely to have their PC silently whacked with an invasive keystroke-logging program.
I've seen heightened warnings about these scams over the past several weeks, but only recently checked the virus log included in our Postini e-mail inbox filter here at washingtonpost.com. Every single virus quarantined over the past five days was one of these e-greeting card scams (see the image at the right).
The nasty greeting cards have been traced back to tens of thousands of machines infected with the Storm Worm, without a doubt, 2007's most prolific and successful e-mail worm. Storm and its flurry of poisoned e-greeting cards are responsible for one of the biggest virus outbreaks in recent history. According to Postini, in the week following July 2, the company saw a total of 163 million virus-infected messages being spammed worldwide. That's four times larger than any other e-mail virus attacks this year, and the largest single week volume since late 2005, when the Sober worm wrought havoc on e-mail systems globally.
I have never been a huge fan of e-greeting cards, mainly because they condition people to click on links in e-mail, especially when malicious links are one of the broadest vectors for e-mail borne viruses and worms. I realize there are several established and legitimate e-greeting card companies that base their business on this practice. It is sad that the state of e-mail security has come to this, but Microsoft Windows users would be well-advised to simply delete any e-greeting cards that land in their inboxes.
The comments to this entry are closed.