Press Releases

Browse our press release archive

24 Oct 2002

Friendly Greetings? You might be spreading unwanted email - Sophos advises on new email nuisance

Sophos technical support has received a significant number of calls from customers concerned about a widespread email which invites users to pick up an "E-Card" from a website called either FriendGreetings.com, friend-greetings.com or Cool-Downloads.com.

If users follow the link in the email, they are invited to install an application onto their computer. Two lengthy end-user license agreements (EULA) are displayed, the second of which states that by installing the application the user is giving permission to send a similar greeting card to all addresses found in the user's Outlook address book.

Message

Of course, many users will not read the EULA with enough attention and simply give permission for the application to be installed, and thus the emails will be sent.

The emails arrive with the following characteristics:

Subject: <Recipient name> you have an E-Card from <Sender name>

Body:

Greetings!

<Sender name> has sent you an E-Card - a virtual postcard from FriendGreetings.com. You can pick up your E-Card at the FriendGreetings.com by clicking on the link below.

<A url at www.friendgreetings.com is then displayed>

Message:
----------------------------------------------------------
<Recipient name>
I sent you a greeting card. Please pick it up.
<Sender name>
----------------------------------------------------------

It should be noted that this is not a virus or a worm, and that the email has no attachment.

"Of course, it's each user's decision whether they want to run a program like this on their computer. But users should read terms and agreements very carefully before installing any program," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "This application could be considered a nuisance because of the large amount of unwanted email it could potentially generate."

MailMonitor for SMTP (Windows and Linux/Intel) users can block the emails at their gateway by using the blocked subject lines option. User should add the following:

*you have an E-Card from*

to their configuration file. Further information about using this and other threat reduction features in MailMonitor for SMTP can be found in the user guide.

Customers with web proxies who are concerned about users forwarding unwanted emails may like to consider blocking access to www.friendgreetings.com, www.friend-greetings.com and www.Cool-Downloads.com. The websites are run by a Panamanian company called Permissioned Media, Inc. Companies who receive unwanted email as described above may wish to complain directly to Permissioned Media.

Sophos recommends companies consider blocking access to non-work-related websites, and educate users to check with their IT department before installing unauthorised code onto their computers.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.