Sophos technical support has received a significant number of
calls from customers concerned about a widespread email which
invites users to pick up an "E-Card" from a website called either
FriendGreetings.com, friend-greetings.com or
Cool-Downloads.com.
If users follow the link in the email, they are invited to
install an application onto their computer. Two lengthy end-user
license agreements (EULA) are displayed, the second of which states
that by installing the application the user is giving permission to
send a similar greeting card to all addresses found in the user's
Outlook address book.
Of course, many users will not read the EULA with enough
attention and simply give permission for the application to be
installed, and thus the emails will be sent.
The emails arrive with the following characteristics:
Subject: <Recipient name> you have an E-Card from
<Sender name>
Body:
Greetings!
<Sender name> has sent you an E-Card - a virtual postcard
from FriendGreetings.com. You can pick up your E-Card at the
FriendGreetings.com by clicking on the link below.
<A url at www.friendgreetings.com is then displayed>
Message:
----------------------------------------------------------
<Recipient name>
I sent you a greeting card. Please pick it up.
<Sender name>
----------------------------------------------------------
It should be noted that this is not a virus or a worm, and that
the email has no attachment.
"Of course, it's each user's decision whether they want to run a
program like this on their computer. But users should read terms
and agreements very carefully before installing any program," said
Graham Cluley, senior technology consultant for Sophos Anti-Virus.
"This application could be considered a nuisance because of the
large amount of unwanted email it could potentially generate."
MailMonitor for SMTP (Windows and Linux/Intel) users can block
the emails at their gateway by using the blocked subject lines
option. User should add the following:
*you have an E-Card from*
to their configuration file. Further information about using
this and other threat reduction features in MailMonitor for SMTP
can be found in the user
guide.
Customers with web proxies who are concerned about users
forwarding unwanted emails may like to consider blocking access to
www.friendgreetings.com, www.friend-greetings.com and
www.Cool-Downloads.com. The websites are run by a Panamanian
company called Permissioned Media, Inc. Companies who receive
unwanted email as described above may wish to complain directly to
Permissioned Media.
Sophos recommends companies consider blocking access to
non-work-related websites, and educate users to check with their IT
department before installing unauthorised code onto their
computers.
Further reading:App/Frgreet-A
analysis
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.