Network News

X My Profile
View More Activity

Not-So-Friendly Greeting Cards

You might want to think twice before opening that e-greeting card sent to you via e-mail. Cyber crooks have recently been blasting out millions of fake online greeting cards in the hope that recipients will click on the included links and infect their computers with password-stealing viruses.

Previous e-greeting card scams harbored their viral payload in an infected e-mail attachment, but fraudsters now are simply embedding links in the fake card messages. Anyone who clicks on such a link without the benefit of the most recent security updates for their Web browser is likely to have their PC silently whacked with an invasive keystroke-logging program.

I've seen heightened warnings about these scams over the past several weeks, but only recently checked the virus log included in our Postini e-mail inbox filter here at Every single virus quarantined over the past five days was one of these e-greeting card scams (see the image at the right).

The nasty greeting cards have been traced back to tens of thousands of machines infected with the Storm Worm, without a doubt, 2007's most prolific and successful e-mail worm. Storm and its flurry of poisoned e-greeting cards are responsible for one of the biggest virus outbreaks in recent history. According to Postini, in the week following July 2, the company saw a total of 163 million virus-infected messages being spammed worldwide. That's four times larger than any other e-mail virus attacks this year, and the largest single week volume since late 2005, when the Sober worm wrought havoc on e-mail systems globally.

I have never been a huge fan of e-greeting cards, mainly because they condition people to click on links in e-mail, especially when malicious links are one of the broadest vectors for e-mail borne viruses and worms. I realize there are several established and legitimate e-greeting card companies that base their business on this practice. It is sad that the state of e-mail security has come to this, but Microsoft Windows users would be well-advised to simply delete any e-greeting cards that land in their inboxes.

By Brian Krebs  |  July 19, 2007; 7:15 AM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: New Firefox Browser Fixes Seven Security Holes
Next: The Yin and Yang of Internet Security Research

No comments have been posted to this entry.

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company