From the Actrix Online Informer August 2007

by Rob Zorn

You've received a nasty postcard

You may have noticed you've been getting the odd e-mail lately claiming that someone you know (a school mate, friend, partner, neighbour, family member - or even a worshipper) has sent you a postcard. All you have to do is click the link provided to be taken to it. The e-mails claim to come from either Hallmark, Riversongs, Ecards, Greetings123 or some other variant.

Unfortunately, you're not as popular as you might think. In fact these e-mails are malicious attempts to get recipients to click links that will take them to websites where an attempt will be made to install a variant of the Storm Trojan. If Storm is successfully installed on your computer, it will open up a door allowing your computer to be remotely controlled by someone else. Your machine will become what is known as a 'zombie' and will be used to send spam or more fake greeting card notifications to others.

There are a number of legitimate sites that offer this sort of service where a postcard can be created and a link sent by e-mail to a friend, and these fake notifications are designed to imitate such services in order to catch the unsuspecting out. The legitimate ones usually let you know who the person is who sent you the postcard, but you'll notice all the fake ones are conveniently anonymous.

Our spam and virus filters are filtering out most of them, but all sorts of tricks are used by the senders of these e-mails, so a number of them may make it through to you.

If you have good antivirus or firewall software installed and it is up-to-date, the websites probably won't be able to install the Trojans on your computer, but even so, you should never click the links in these e-mails.

You can expect that this sort of thing will evolve over the next few months as other spammers and zombie lords jump on the bandwagon, and especially as this scam becomes widely known. The greeting cards may stop and be replaced by some other unsolicited notification requesting you to click a link. Make it your practice never to click anything in an e-mail that has come to you uninvited, or from someone you don't know.

Lastly, these spammer-scammers only go to the trouble of doing all this because they know there are plenty of people out there with unpatched, unprotected computers. Make sure you aren't on of these.  Make sure your Windows firewall is turned on if you haven't got a good proprietary firewall installed. There's also lots of free antivirus software online that does the trick without a lots of bells and whistles such as AVG ( Remember, too, that Actrix will soon be introducing the CA Security Suite, an excellent suite of security programs such as antivirus, anti-spam, firewall, parental controls etc. You can read more about that in our recent June Online Informer.


Copyright 2007 Actrix Networks Limited | Contact: