Network News

X My Profile
View More Activity

E-Greeting Card Giant Unaffected By Storm Worm

It's been nearly three weeks since I first wrote about the Storm worm authors using fake online greeting cards to trick people into clicking on links to Web sites that try to download and install malicious software. Since then, it looks like the Storm worm authors have adopted a number of other ruses, but they don't appear to have abandoned the greeting card scam.

I wanted to know whether this flood of fake, Storm worm-infested e-greeting cards had had any effect on the legitimate e-card business, and hence the willingness of people to click on links in unsolicited e-mails (a practice that Security Fix has been critical of in the past).

So I phoned American Greetings, which owns without a doubt the biggest e-greetings company around. According to AG spokesperson Frank Cirillo, the incessant attacks have had little measurable impact on the company's click-through rates.

"We haven't seen any [changes] to reflect any kind of real movement either way," Cirillo said of the company's click-through rates over the past month.

ecard.jpg

This, to me, suggests a couple of things: 1) Most legitimate e-card recipients are still unaware enough about this trend that they continue to click, thereby feeding what is quickly shaping up to be one of the biggest e-mail worm outbreaks of all time; and 2) Most people are still unaware enough of this recent malware trend that they feel perfectly comfortable conditioning their friends and loved ones to click on links in random e-mails.

To be fair, American Greetings has instituted something of a security mechanism in all e-greeting cards sent over its network, which allows the recipient to verify that the card is real without clicking on any link. However, I find it unlikely that most people would take advantage of this feature, as it requires recipients to type out a long, complex URL and code. For example, I recently e-mailed myself an e-greeting from American Greeting's Web site. The text I received included this message:

"For your security, if you'd prefer not to click on links within this email, please type: http://www.americangreetings.com/ecards/findit.pd?source=ag999&rr=z into your web browser and enter the following number, 4446713713316, on our ecard pick up page."

Instead of directing people to enter an overly complex link, the company might do Internet users a better service by highlighting the fact that you can retrieve an e-card from the "search ecards" form placed prominently in the upper left hand portion of its home page. To get there, AG should simply be asking people to type "www.ag.com" into their browser (ag.com also takes you to American Greetings's official site), and then cut and paste the code into the Web page.

By Brian Krebs  |  September 6, 2007; 8:52 AM ET
Categories:  From the Bunker , Latest Warnings , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: A Time-to-Patch: Apple 2006
Next: Apple iTunes Update and Patch Tuesday Preview

No comments have been posted to this entry.

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company