New Virus-Postcard from Hallmark - Off topic, but definitely pertinent

[Guest guest]

Postcard

Virus: You've Received a Postcard from a Family Member! Status: Real virus. Examples:

[Collected via e-mail, April 2008] You have just received a virtual greeting from a family member! You can pick up your greeting at the following web address: clicking the link below: http://www.123greetings.com/?a91-valets-cloud-187 If you can't click on the web address above, you can also visit E-Greetings at http://www.123greetings.com/ and enter your pickup code, which is: a91-valets-cloud-187 (Your greeting will be available for 60 days.)

[Collected via e-mail, June 2007] You've received a postcard from a family member! Good day. Your family member has sent you an ecard from notme.hk. Send free ecards from notme.hk with your choice of colors, words and music. Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print. To view your ecard, choose from any of the following options: -------- OPTION 1 -------- Click on the following Internet address or copy & paste it into your browser's address box. http://notme.hk/?6e47840d8e117868911e6c3 -------- OPTION 2 -------- Copy & paste the ecard number in the "View Your Card" box at http://notme.hk/ Your ecard number is 6e47840d8e117868911e6c3 Best wishes, Postmaster, notme.hk *If you would like to send someone an ecard, you can do so at http://notme.hk/ Variations: Other subject lines used with this message include the following:

You've recieved a Hallmark E-Card! You've received a greeting card from a school-mate! You've received a greeting ecard from a class mate! You've received a greeting ecard from a neighbour! You've received a greeting postcard from a partner! You've received a greeting postcard from a worshipper! You've received a postcard from a family member! You've received a postcard from a neighbour! You've received a postcard from a worshipper! You've received an ecard from a colleague! Class-mate sent you an ecard from vintagepostcards.com! Colleague sent you a greeting ecard from postcardsfrom.com! School mate sent you a greeting ecard from greetingcard.org! Family member sent you a postcard from dgreetings.com! Neighbour sent you a greeting ecard from NetFunCards.com! School-mate sent you an ecard from mypostcards.com! Worshipper sent you an ecard from greetingcard.org! Colleague sent you a postcard from egreetings.com! Neighbour sent you a greeting ecard from all-yours.net! School friend sent you an ecard from postcards.org! Holiday e-card Movie-quality e-card Love postcard Birthday e-card Thank you card Musical postcard Funny postcard Origins: Many web sites offer a service that allows a user to send a customized "greeting card" (or "postcard") to a relative,friend, or acquaintance,delivered

as an e-mail message containing a hyperlink which the recipient follows to visit the originating site and view the card. Sending out phony e-card notifications is therefore an effective method of camouflaging viruses and inducing unwitting recipients into clicking on links that install malicious programs onto their computers. A wave of malicious messages (like the one reproduced above) sent out in June 2007 employed that very technique, arriving in inboxes bearing subject lines such as "You've received a postcard from a family member!" The messages contain URLs that recipients are supposed to visit to retrieve their e-cards, but those URLs actually point to servers hosting a variety of malware (including a variant of the Storm Trojan, "an aggressive piece of malware that has been hijacking computers to serve as attacker bots" since early 2007) that is furtively installed onto victims' PCs. (Generally, only unpatched Windows-based systems are vulnerable.) The underlying worm is the same one that has appeared in messages with subject lines as "Sending You All My Love," the "Laughing Kitty," the "Dancing Skeleton," as well as several game and music download offers. According to spamtrackers.eu:

The storm network is large enough to cut off internet access from any institution its operators choose to attack via a "distributed denial of service attack," in which hundreds or thousands of computers request files from a server simultaneously. The entire country of Estonia was brought down that way last year. The network is actually available for rent for anyone who wishes to use it to send spam, host illegal websites, or stage denial of service attacks. Storm is a serious threat for several reasons. It communicates "peer-to-peer" instead of via a "command and control" network. For that reason, you can't just disable a few computers that are feeding instructions to the others. The virus download is encrypted, so it is difficult for antivirus programs to recognize, and infected computers are updated by the peer network on a daily basis to keep antivirus programs from recognizing it once they are updated to recognize previous editions of the virus. The number of infections worldwide is massive, and a quarter of them are on major networks in the US like SBC, Comcast, and Roadrunner. That means that a bank or other business under denial of service attack can't simply block all traffic from certain segments of the internet, because it would be blocking its own users that are sharing those same internet addresses with storm infected computers as they log in and out of the internet. It is believed that Storm's operators are located in St. sburg, Russia, are known to the Russian government, and enjoy its protection. Since antivirus programs will not protect your computer, the most important thing is for people to be extremely suspicious about where they go and what they click on. Never click on any link in an email from someone you don't know. Never click on a link in an advertisement on the internet — if you want to visit that site, look up the address yourself. Since many of these malicious messages imitate notifications from legitimate e-card sites, recipients should get into the habit of never clicking on links contained within e-card notification e-mails. Instead, go directly to the web site of the card company, find the card pickup page within that site, and enter the ID code included in the e-mail. (If the message was a fake, the worst that will happen is that you won't get a card.) NOTE: Readers should take particular care not to confuse the real postcard/greeting card virus with a number of virus-related hoaxes that have been circulating for several years. A variety of messages forwarded by well-intended people to warn others about the Postcard virus contribute to this confusion by including within them links to our article about the "Virtual Card for You" hoax (or by mistakenly incorporating elements from that hoax into their warnings). Other versions of the postcard virus warning erroneously combine it with elements of the Invitation virus hoax:

Get this E-mail message sent around to your contacts ASAP. PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS! You should be alert during the next few days. Do not open any message with an attachment entitled 'Invitation' OR ONE CALLED 'POSTCARD,' Regardless of who sent it to you. It is a virus which opens an Olympic Torch OR A POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer. This virus will be received from someone Who has your e-mail address in his/her contact list. This is the reason why you need to send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it. If you receive a mail called 'Invitation' even though sent to you by a friend, do not open it. Shut down your computer immediately. This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for This kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept. COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS. REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US.

BIG VIRUS COMING !!! PLEASE READ & FORWARD !!! http://www.snopes.com/computer/virus/postcard.asp Hi All, I checked with Norton Anti-Virus, and they are gearing up for this virus! I checked Snopes (URL above:), and it is for real!! Get this E-mail message sent around to your contacts ASAP. PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS! You should be alert during the next few days. Do not open any message with an attachment entitled 'POSTCARD,' regardless of who sent it to you. It is a virus which opens A POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer. This virus will be received from someone who has your e-mail address in his/her contact list. This is the reason why you need to send this e-mail to all your contacts It is better to receive this message 25 times than to receive the virus and open it. If you receive a mail called' POSTCARD,' even though sent to you by a friend, do not open it! Shut down your computer immediately. This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept. COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS. REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US Snopes lists all the names it could come in. Although the Postcard virus is real, it isn't a "BIG VIRUS COMING" (it's already been around in multiple forms for a long time now), it will not "burn the whole hard disc" of your computer, CNN didn't classify it as the "worst virus" ever, and it doesn't arrive in messages bearing a subject line of 'Invitation.' Additional information:

W32/Zhelatin.gen!eml (McAfee)Last updated: 14 May 2008

The URL for this page is http://www.snopes.com/computer/virus/postcard.aspUrban Legends Reference Pages © 1995-2008 by snopes.com. This material may not be reproduced without permission. snopes and the snopes.com logo are registered service marks of snopes.com.

Sources:

Einstein, . "Electronic Greeting Card Just a New Take on an Old Scam."

San Francisco Chronicle. 13 August 2007.