Feeds

Guerilla marketing tactics spawn viral fears

View a greetings card and spam everyone you know

  • alert
  • submit to reddit

Protecting against web application threats using SSL

Users could be induced into spamming all their contacts after a greeting card site decided to apply highly questionable social engineering tricks to its latest marketing campaign.

AV vendor Sophos
reports
receiving several calls from users concerned they have received or
sent a virus disguised as a link to a greetings card on FriendGreetings.com.

In fact the email is not viral, but the product of an online marketing initiative run by the e-card company.

Users following the link are invited to install an ActiveX control in order to view their e-card. Two lengthy end user licence agreements (EULAs) are displayed stating that by running the application the user is giving permission for a similar email to be sent to all addresses found in a users's Outlook address book.

The concern is that in many cases, users will not bother to read the EULA and will allow numerous unwanted emails to be sent.

"A flood of unwanted emails can be as much of a problem as a genuine virus. This isn't a virus, or a worm - but it could be considered a real nuisance," said Graham Cluley, senior technical consultant at Sophos.

Security integrator Integralis warns that the guerrilla marketing tactics used by FriendGreetings.com could easily be applied to spread more malicious payloads.

As the message takes the form of an e-card, users do not suspect that clicking onto the link will result in anything untoward occurring, it points out. Since the link is sent by someone a user knows the process could easily to applied to induce more gullible users into loading viral code.

Businesses need to implement policies and technologies to prevent employees from downloading potential malicious content from the Internet, Integralis recommends. A good first step in this process would be to consider barring employee access to FriendGreetings.com, security firms advise. ®

External Links


Stats on the spread of the 'greeting card mass mailer'
by mail filtering firm MessageLabs. MessageLabs are blocking all emails associated with the program FriendGreetings.com is distributing.
Write up on the issue by AV vendor Sophos

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.