NONFOODS: Greeting Cards: Unwelcome greeting
Last month's spate of online greeting card viruses may provide a needed boost to the shrinking paper card market as an increasing number of consumers grow wary about opening the malignant missives.
The onslaught has been of epidemic proportions: As many as 35 million attacks were recorded in just a single day last month, making it one of the most prevalent phishing scams to date.
The e-mail attack disguises malicious code behind a seemingly harmless e-greeting. This latest e-mail attack, according to proactive e-mail security solutions company Avinti, based in Lindon, Utah, is part of a recent increase in spam-like greetings that encourage users to click on a link in the body of the e-mail to view an apparently legitimate site, but instead link to malicious code, or "malware."
The latest version of this type of blended threat includes the subject line "Movie-quality ecard," and provides an e-mail address of the sender to trick the recipient into clicking on the harmful link, according to Avinti.
"Clicking on the Web site address link in the e-mail triggers an installation of one or two files on the user's machine, designed to capture user data. There is no user intervention required -- the download is automatic," says Dave Green, Avinti's c.t.o. "The e-mail appears as plain text, but most e-mail clients pick up the plain-text URL and highlight it for the user to click on. So the e-mail, as plain text, will pass through other antivirus (AV) gateways completely undetected. In case the Web address doesn't get highlighted, the e-mail also encourages users to copy and paste the URL into their browser."
The e-mails often include highlighted domains of reputable Web sites, including postcards.com, egreetings.com, netfuncards.com, hallmark.com, and 2000greetings.com.
The Greeting Card Association and the FBI have released a joint statement warning consumers of fraudulent e-mails claiming to contain an electronic greeting card from an unnamed individual such as a "friend" or "classmate."
The onslaught has been of epidemic proportions: As many as 35 million attacks were recorded in just a single day last month, making it one of the most prevalent phishing scams to date.
The e-mail attack disguises malicious code behind a seemingly harmless e-greeting. This latest e-mail attack, according to proactive e-mail security solutions company Avinti, based in Lindon, Utah, is part of a recent increase in spam-like greetings that encourage users to click on a link in the body of the e-mail to view an apparently legitimate site, but instead link to malicious code, or "malware."
The latest version of this type of blended threat includes the subject line "Movie-quality ecard," and provides an e-mail address of the sender to trick the recipient into clicking on the harmful link, according to Avinti.
"Clicking on the Web site address link in the e-mail triggers an installation of one or two files on the user's machine, designed to capture user data. There is no user intervention required -- the download is automatic," says Dave Green, Avinti's c.t.o. "The e-mail appears as plain text, but most e-mail clients pick up the plain-text URL and highlight it for the user to click on. So the e-mail, as plain text, will pass through other antivirus (AV) gateways completely undetected. In case the Web address doesn't get highlighted, the e-mail also encourages users to copy and paste the URL into their browser."
The e-mails often include highlighted domains of reputable Web sites, including postcards.com, egreetings.com, netfuncards.com, hallmark.com, and 2000greetings.com.
The Greeting Card Association and the FBI have released a joint statement warning consumers of fraudulent e-mails claiming to contain an electronic greeting card from an unnamed individual such as a "friend" or "classmate."