Now that everyone's getting savvy to the e-card worms trying to spread themselves by getting people to click links that load malware onto their computers, attackers are working against those fears to get you to click their malicious links.
The newest round, reported to me yesterday by a reader named Jody, comes with subject lines indicating that you have the e-card virus and need to click a link to clean it off your computer. But when you click the link, you get a malicious program called a "back door" which allows attackers full control over your computer so they can log your keystrokes or use your computer as a Spam relay.
Yesterday, Australia Cert said they've observed 50 malicious sites that these links lead to, which we all know is just the tip of the iceburg. So whatever you do, DON'T CLICK LINKS IN UNSOLICITED E-MAILS.
And, while you're at it, KEEP YOUR BROWSERS PATCHED and up to date, as most of this malware loads through known vulnerabilities in the browser.
The original e-card scams come with subject lines claiming you have an e-card sent by: Class-Mate! School Mate! Worshipper! Neighbour! Mate! Family Member! Colleague!Friend! Partner!
In Jody's case, the subject line read "concerning greetingcard.org," and the mail claimed to be from McAfee Virus Scan E-mail Scan."
The body of Jody's message said:
McAfee VirusScan E-mail Scan has detected a potential threat in this e-mail sent by "greetingcard.org"
with the subject You've received a greeting card from a School-mate!.
This e-mail has been quarantined.
We strongly recommend that you report this suspect activity
Auscert lists a different subject line: "Virus Detected!" and a body that says:
Our robot has detected an abnormal activity from your IP adress on sending e-mails. Probably it is connected with the last epidemic
of a worm which does not have official patches at the moment
We recommend you [URL] to install this patch to remove worm files
and stop email sending, otherwise your account will be blocked.