What at first appears to be yet another mass-mailing virus, the recent spate of greeting card messages are a permission-based viral marketing campaign by Panama-based Permissioned Media Inc, according to eScan supplier Camsoft Solutions.
Within minutes of retrieving an e-card from the friends-greetings.com Web site, the entire list of contacts in the Outlook address book is mailed with a personalised greeting card message similar to the message received by the affected user - and all this with the user`s permission. The messages that are sent use both the user`s first name in the subject line as well as that of each of the unsuspecting recipients, who recognising the sender attempt to view the card by clicking on the URL provided. At this stage the recipient is advised that a card viewing program that has been digitally signed by Thawte for www.friends-greetings.com will be downloaded to their PC.
Then what appears to be just another licence disclaimer prompts the user for acceptance by selecting the "I agree" button. Closer inspection of the disclaimer reveals that the disclaimer actually informs the recipient that they are giving full permission to have their entire Outlook contacts list spammed with a personalised greeting card. Downloading and installing the card viewer program appears to interfere with the Windows settings, preventing active applications from displaying in the taskbar, which is likely to be the result of a bug in the program. Subsequent to installing the application the user is also inundated with pop-up windows advertising a range of different products and services every time the user accesses the Internet. Removing the viewer application through Add/Remove Programs doesn`t fix these problems.
According to data security company, Camsoft Solutions (www.camsoft.co.za), as this is strictly speaking a permission-based viral marketing campaign and not actually a virus, most anti-virus programs are ineffective in preventing the messages from spreading. This type of application is typical of the new breed of threats and what is really needed to combat this problem is a content-based scanner in addition to virus scanning, such as that provided by eScan, Sybari Antigen or Xamime for Linux. These products allow content filtering based on the text in the subject line and message body, types and names of attachments, the source of the message or type of file being downloaded and have the added benefit of incorporating an anti-virus scanner plug-in.
eScan, unlike most other data security products, scans for viruses and filters mail and downloaded files at the socket layer instead of the application layer which allows for true real-time protection against security threats.
The friend-greetings.com viral e-mail marketing campaign relies on both the inquisitiveness and trust of users who in the first instance want to view a card sent to them by a colleague and then too readily accept the terms and conditions of doing so. There`s no doubting the ingenuity of such a campaign and whether it is winning the authors any friends of their own is debateable, but at least they are managing to get plenty of media coverage.
For more information on combating security threats such as mass mailers and viruses, contact damon@camsoft.co.za.
Share
