eCard Virus / Postcard Alert
Posted Under: Greeting Card Virus, PC Security, malware
The emails containing a virus link are continuing with their annual rounds.
There are many variations, most of which are listed further down this article.
As always, there are also many hoaxes going around at the same time, and people act upon the information by forwarding on to all of their contacts.
See bottom of article for information on 'Invitation virus hoax.'
This particular one prompts you to download your ecard from American Greetings.
e-cards are viewed online NOT downloaded, if you receive one of these DELETE it immediately. Under no circumstances open it.
The person sending these was using tinyurl.com as a disguise and has since been removed from their network. It is only a matter of time before this individual appears with a site elsewhere.
This one was released for Valentine’s Day in the hope that recipients believe they have a secret admirer, others have followed since.
From:E-cards Online (americangreetings.com)
Subject: You have received an e-card from someone who loves you!
Contents:
Dear friend,You have received an e-card from someone who is thinking of you but who is far away.
See what your friend want to express.
Download your e-card here :
https://*******************.com/online/*********** (link removed by Admin)
Hope you enjoy your e-card !
best regards,
American Greetings E-cards !
If you open this it will attempt to download a file to your computer which is infected with a Trojan.
American Greetings is a genuine ecard provider and is largely used by Yahoo users who can access free e-cards through their Yahoo account.
I picked it up using a link scanner and can confirm that this one is NOT a hoax but is a very real danger to anyone downloading it.
********************
There is another email circulating with just a link contained in the body, the link is something like this:
http://81.***.***.***/
Came from: federated*******fl.6ht@jmmdhs.com
With subject line: Lovetrain
This then forwards you to
http://81.***.***.***/valentine.exe
********************
Another example:
***** has sent you an ecard.
To view your ecard, Click on the following link:
http://www.americangreetings.*********.com
Please do not reply to this email.
Thank you!
Your friends at AmericanGreetings.
This one prompts you to install the following add-on 'Adobe Flash Player'
Please remember that ecards are NOT downloaded and any such emails should be deleted. Also ensure that all of you security is updated and patches installed.
********************
Another example:
From: postcards1001
You just recieved an electronic card!
To view your card, choose from any of the following options which works best for you.
--------Method 1--------
Just click on the following Internet address (if that doesn't work for you, copy & paste the address onto your browser's address box.)
http://cards.*********************.com/
--------Method 2--------
Copy & paste your card number in the view card box at http://www.greet**********.com
Your card number is ZBM80616180922460 (For your convenience, the greeting card will be available for the next 30 days)
Webmaster,
http://www.greet**********.com
********************
Update August 2008:
New versions are being sent out:
Subject line: You've received a greeting eCard
From: greetingcard.org
Good day.
You have received an eCard
To pick up your eCard, choose from any of the following options:
Click on the following link (or copy & paste it into your web browser):freaky-*****.de/e-card.exe
Your card will be aviailable for pick-up beginning for the next 30 days.
Please be sure to view your eCard before the days are up!
We hope you enjoy you eCard.Thank You!
www.greetin*****.org
These contain a link for users to click which then starts to download a trojan in the .exe file, do NOT click these links.
********************
Other known subject variations used for these emails include:
You've received a Hallmark E-Card!
You've received a greeting eCard
You've received a greeting card from a school-mate!
You've received a greeting ecard from a class mate!
You've received a greeting ecard from a neighbour!
You've received a greeting postcard from a partner!
You've received a greeting postcard from a worshipper!
You've received a postcard from a family member!
You've received a postcard from a neighbour!
You've received a postcard from a worshipper!
You've received an ecard from a colleague!
Class-mate sent you an ecard from vintagepostcards.com!
Colleague sent you a greeting ecard from postcardsfrom.com!
School mate sent you a greeting ecard from greetingcard.org!
Family member sent you a postcard from dgreetings.com!
Neighbour sent you a greeting ecard from NetFunCards.com!
School-mate sent you an ecard from mypostcards.com!
Worshipper sent you an ecard from greetingcard.org!
Colleague sent you a postcard from egreetings.com!
Neighbour sent you a greeting ecard from all-yours.net!
School friend sent you an ecard from postcards.org!
Holiday e-card
Movie-quality e-card
Love postcard
Birthday e-card
Thank you card
Musical postcard
Funny postcard
All links have been disabled by Admin for your safety.
ALL of the links within these emails require an instant download in the form of an exe file.....there is NO e-card and there is NO site, just an executable file which contains a Trojan and another that contains a Worm.
Please ensure that your antivirus is regularly updated and has a realtime monitor included.
If you have downloaded this scan with your antivirus and also use the Windows Malicious Software Removal Tool.
Also scan with Malwarebytes Antimalware
Readers should take care not to confuse the real postcard/greeting card virus with the 'Virtual Card for You' hoax that has been in circulation for a number of years.
Invitation virus hoax:
Get this E-mail message sent around to your contacts ASAP.
PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS!
You should be alert during the next few days.
Do not open any message with an attachment entitled 'Invitation' OR one called 'Postcard', Regardless of who sent it to you.
It is a virus which opens an Olympic Torch OR A POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer.
This virus will be received from someone Who has your e-mail address in his/her contact list.This is the reason why you need to send this e-mail to all your contacts.
It is better to receive this message 25 times than to receive the virus and open it.
If you receive a mail called 'Invitation' even though sent to you by a friend, do not open it.
Shut down your computer immediately.
This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever.
This virus was discovered by McAfee yesterday, and there is no repair yet for This kind of virus.
This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.
********************
The related viruses do NOT burn or zero your hard drive! They turn your computer into an attacker bot in an attempt to collectively bring down servers or cause widespread Denial of Service in which hundreds or thousands of computers requests files from a server at the same time. Also bear in mind that normally only unpatched Windows-based systems are vulnerable, as these have been doing the rounds for several years and updates now protect those that install updates regularly.
Related Posts:
Valentine's Day eCards - Will You Be A Victim - January 2009
eCard Virus Removal - August 2008
Have You Received a Postcard/eCard?
Surf Safer, Surf with WOT - Click Here or the links below
Web of Trust for Internet Explorer
Web of Trust for Firefox
Web of Trust for Google Chrome
Free PC Security, eCard Virus, Greeting Card Virus, Denial of Service (DoS)
