I still remember the first time someone sent me an electronic greeting card. It was kind of hokey but it really brightened up my day. Sending one back was convenient, fun and best of all, free. Unfortunately, someone has recently launched an aggressive campaign that combines the worst aspects of spam and malicious software and is exploiting the popularity of e-cards. The hacker is using pre-packaged software to spam millions of messages across the internet that read with some variation of "You have received an ecard from" a school mate, a colleague or a family member.

If you open the message, you’ll see a standard text-only message describing the e-card and offering you a link to a website where you can download your e-card. The messages claim to be from any of several legitimate ecard websites but in the versions that I’ve seen, the link is a raw IP address (such as http://12.345.67.89), not a domain name (www.example.com). Other versions may get more sophisticated and cover the IP address with a fraudulent domain. The IP addresses trace back to hundreds of different owners. My suspicion is that these are individual machines which have been hijacked as part of someone’s botnet.

Opening the email won’t do anything immediately bad to your computer (other than waste your time) but following one of the links is another story. Do not under any circumstances follow these links. Merely opening the page will trigger the download of a particularly nasty computer trojan horse which will then attempt to download even more malicious software onto your machine.

If your anti-virus program is up-to-date and running, it should catch and stop this trojan. However, if you get any kind of alert or think that you might have triggered one of these downloaders, you should run a full virus scan on your system. Call your IT department for instructions. Never open a message from an unrecognized sender and never open an attachment or follow a link in a message that you were not expecting.

Note: If you think the email card might be legitimate, you can check by opening a browser and typing the address of the greeting card company (for example, www.hallmark.com or www.bluemountain.com) and follow the instructions on the site to ‘pick up an e-card’. This will usually involve entering the email address of the sender and a confirmation number from the email. If the message was legit, it will show up on the website. As long as you type in the address yourself (rather than following a possibly faked link) and you’re going to a major company that you trust, it should be safe to check.

Leave a Reply