prana
10-27-2002, 02:03 PM
If you get an email to get a mail (or postcard) from friendgreetings.com, dont click on the link or install any of the applications.
It installs a few applications, and proceeds to scan your address book and mass mailing the links to your contacts.
FYI :
--------------------------------------------------------------------------------
Ok,
One of my users received an email today with the following info:
>Subject: AL you have an E-Card from .
>Greetings!
>has sent you an E-Card -- a virtual postcard from FriendGreetings.com. You
>can pickup your E-Card at the FriendGreetings.com by clicking on the link
>below.
>http://www.friendgreetings.com/pickup/pickup333.aspx?code=AL&id=24100211111
111
>Message:
>------------------------------------------------------------
>AL,
>I sent you a greeting card. Please pick it up.
>------------------------------------------------------------
I have changed the address to prevent the spread.
When the user clicked on the link, his Outlook started sending out a copy of
the message to everyone in his address book.
I cannot find any information on this anywhere, google, symantec, mcafee.
There is no attachment to the message, just the link.
If anyone wants the valid link, let me know and I will send it to you.
Thanks
--------------------------------------------------------------------------------
_________________________________________
and advisory from Sophos
--------------------------------------------------------------------------------
If users follow the link in the email, they are invited to install an
ActiveX control onto their computer. An end-user license agreement (EULA)
is displayed stating that by installing the application the user is
giving permission to send a similar greeting card to all addresses found in
the user's Outlook address book.
Of course, many users will not read the EULA thoroughly and will simply
give permission for the ActiveX control to be installed, thus allowing
many unwanted emails to be sent.
The emails arrive with the following characteristics:
Subject:
<Recipient name> you have an E-Card from <Sender name>
Body:
Greetings!
<Sender name> has sent you an E-Card - a virtual postcard from
FriendGreetings.com. You can pick up your E-Card at the
FriendGreetings.com by clicking on the link below.
<A url at http://www.friendgreetings.com is then displayed>
Message:
----------------------------------------------------------
<Recipient name>
I sent you a greeting card. Please pick it up.
<Sender name>
----------------------------------------------------------
It should be noted that this is not a virus or a worm, and that
the email has no attachment.
Customers with web proxies who are concerned about users forwarding
unwanted emails may like to consider blocking access to
http://www.friendgreetings.com. The website is run by a Panamanian company called
Permission Media, Inc. Companies who receive unwanted email as described
above may wish to complain directly to Permission Media.
MailMonitor for SMTP users can block the emails at their gateway by using
the blocked subject lines option. Details on how to do this can be found at
http://www.sophos.com/virusinfo/articles/greetings.html
Sophos recommends companies consider blocking access to non-work-related
websites, and educate users to check with their IT department before
installing unauthorised code onto their computers.
More information can be found on the Sophos website at
http://www.sophos.com/virusinfo/articles/greetings.html
--------------------------------------------------------------------------------
It installs a few applications, and proceeds to scan your address book and mass mailing the links to your contacts.
FYI :
--------------------------------------------------------------------------------
Ok,
One of my users received an email today with the following info:
>Subject: AL you have an E-Card from .
>Greetings!
>has sent you an E-Card -- a virtual postcard from FriendGreetings.com. You
>can pickup your E-Card at the FriendGreetings.com by clicking on the link
>below.
>http://www.friendgreetings.com/pickup/pickup333.aspx?code=AL&id=24100211111
111
>Message:
>------------------------------------------------------------
>AL,
>I sent you a greeting card. Please pick it up.
>------------------------------------------------------------
I have changed the address to prevent the spread.
When the user clicked on the link, his Outlook started sending out a copy of
the message to everyone in his address book.
I cannot find any information on this anywhere, google, symantec, mcafee.
There is no attachment to the message, just the link.
If anyone wants the valid link, let me know and I will send it to you.
Thanks
--------------------------------------------------------------------------------
_________________________________________
and advisory from Sophos
--------------------------------------------------------------------------------
If users follow the link in the email, they are invited to install an
ActiveX control onto their computer. An end-user license agreement (EULA)
is displayed stating that by installing the application the user is
giving permission to send a similar greeting card to all addresses found in
the user's Outlook address book.
Of course, many users will not read the EULA thoroughly and will simply
give permission for the ActiveX control to be installed, thus allowing
many unwanted emails to be sent.
The emails arrive with the following characteristics:
Subject:
<Recipient name> you have an E-Card from <Sender name>
Body:
Greetings!
<Sender name> has sent you an E-Card - a virtual postcard from
FriendGreetings.com. You can pick up your E-Card at the
FriendGreetings.com by clicking on the link below.
<A url at http://www.friendgreetings.com is then displayed>
Message:
----------------------------------------------------------
<Recipient name>
I sent you a greeting card. Please pick it up.
<Sender name>
----------------------------------------------------------
It should be noted that this is not a virus or a worm, and that
the email has no attachment.
Customers with web proxies who are concerned about users forwarding
unwanted emails may like to consider blocking access to
http://www.friendgreetings.com. The website is run by a Panamanian company called
Permission Media, Inc. Companies who receive unwanted email as described
above may wish to complain directly to Permission Media.
MailMonitor for SMTP users can block the emails at their gateway by using
the blocked subject lines option. Details on how to do this can be found at
http://www.sophos.com/virusinfo/articles/greetings.html
Sophos recommends companies consider blocking access to non-work-related
websites, and educate users to check with their IT department before
installing unauthorised code onto their computers.
More information can be found on the Sophos website at
http://www.sophos.com/virusinfo/articles/greetings.html
--------------------------------------------------------------------------------