Computer Security

Sneaky Spyware Installer


I just got a new email designed to trick me into going to a website (and possibly installing spyware) – this one designed to look like one of those “you have received an on-line greeting card” emails…

Dear Somebody.

Al at sent you an e-card
“Inspired Note” from greeting-cards.com!

There are 3 ways to view the e-card.

1-Simply click the link below.
link removed

2-Copy and paste the link above into your browser’s address window.

3-This is your e-card code: n-yWKyqwg3wP
Go to link removed. Scroll down to the “e-card pickup”
window. Just enter the e-card code and click “go”. For best results, copy
and paste the e-card code.

Hope you enjoy our e-cards! Spread the love and send one of our e-cards!

Brought to you by link removed – a better way to greet!

How did I know it was a scam? Here’s how:

  1. If someone had really sent me a greeting card, it wouldn’t be addressed “Dear Somebody”
  2. The links to the website actually map to 84.65.117.14 (which further investigation indicates to be a single PC on the POL.CO.UK ISP run by Energis), not the website given – more than likely one of many infected by a trojan to become part of a botnet sending these out and serving up spyware to its unwitting victims
  3. The e-card code given doesn’t match the one in the URL
  4. The second line doesn’t make sense: “Al at sent you an e-card”
  5. Getting into the mail headers – they’re faked to make it appear it was sent by a CompuServe account – not likely for a POL.CO.UK user, or an on-line card company

However, I’ll admit this one was so good I almost fell for it. It sailed right through my mail server’s checks – I didn’t click through it – but it didn’t immediately scream out to me “Danger”.

I’ll investigate a bit more when I’m at home (and can do so using Lynx – a text only browser running on my Linux machine) – but if you follow the rules for staying safe, you will… remember

  • Never click a link in an email, ALWAYS cut and paste to your browser or even better, retype it
  • If when you hover your mouse over the link, the address in the status bar doesn’t match – be very wary, especially if it’s numeric!
  • Read the email and think about the wording – “Dear Somebody” isn’t a greeting from a friend
  • Keep your firewall, antivirus software and spyware scanner up to date, and use them frequently.
  • If you’re not protected by all 3 types of software – you’re not protected at all. There’s plenty of free stuff available; however, I chose to pay – I use Norton Antivirus, Adaware (registered edition) and the Windows XP firewall in conjunction with a hardware firewall. If you don’t have a strong hardware firewall, get a decent software one.
  • Even with all this protection in place, stay vigilant – things can still slip through the protection you have (this one did, although I’ll be amending the anti-spyware rules on my mail server later to trap this one)
  • Don’t use Internet Explorer – I don’t know the details of which exploit this nasty was going to use to install itself – but IE is far more vulnerable to this kind of thing than Firefox or Opera (or for that matter Safari on the Mac)
  • Keep your PC up to date – Service Packs, Patches, Windows Updates, Antivirus and AntiSpyware definitions all need to be updated. Use “autoupdate” features and check they work

Stay safe out there folks – the criminals are getting more sophisticated – you need to be wise to their tactics to stay safe and not become the owner of another zombie PC sending this stuff to others.

There is a real greeting-cards.com, and it is, in all likelihood, a legitimate on-line business – however, this post is intended to bring your attention to the fake emails being sent in their name, and no doubt in the name of other similar services.


2 thoughts on “Sneaky Spyware Installer”

  1. Just to add to Tom’s advice, I’ve had a couple of people recently complain to me that some of the websites they visit don’t work properly in Firefox. My suggestion is to at least set Firefox as your default browser. That way, if you do end up clicking anything you shouldn’t, the damage will be minimised. Use Firefox for your everyday web browsing, and only IE (with the security set to high) for things which just don’t work in Firefox.

    – James, posting this using IE because I’m not allowed admin rights to install a decent browser on my machine at uni.

  2. Beyond even that, there’s a Firefox extension to add a right-click menu for “open this in IE” – or just use the new Netscape browser which can switch between the IE and Firefox engines (I’ve not tried this one yet, but I’m intending to).

    Oh, and just for everyone’s sanity, this website doesn’t work properly in IE… and I’m not fixing it until Microsoft produce a browser that understands CSS properly.
