Feeds

Guerilla marketing tactics spawn viral fears

View a greetings card and spam everyone you know

  • alert
  • submit to reddit

The essential guide to IT transformation

Users could be induced into spamming all their contacts after a greeting card site decided to apply highly questionable social engineering tricks to its latest marketing campaign.

AV vendor Sophos
reports
receiving several calls from users concerned they have received or
sent a virus disguised as a link to a greetings card on FriendGreetings.com.

In fact the email is not viral, but the product of an online marketing initiative run by the e-card company.

Users following the link are invited to install an ActiveX control in order to view their e-card. Two lengthy end user licence agreements (EULAs) are displayed stating that by running the application the user is giving permission for a similar email to be sent to all addresses found in a users's Outlook address book.

The concern is that in many cases, users will not bother to read the EULA and will allow numerous unwanted emails to be sent.

"A flood of unwanted emails can be as much of a problem as a genuine virus. This isn't a virus, or a worm - but it could be considered a real nuisance," said Graham Cluley, senior technical consultant at Sophos.

Security integrator Integralis warns that the guerrilla marketing tactics used by FriendGreetings.com could easily be applied to spread more malicious payloads.

As the message takes the form of an e-card, users do not suspect that clicking onto the link will result in anything untoward occurring, it points out. Since the link is sent by someone a user knows the process could easily to applied to induce more gullible users into loading viral code.

Businesses need to implement policies and technologies to prevent employees from downloading potential malicious content from the Internet, Integralis recommends. A good first step in this process would be to consider barring employee access to FriendGreetings.com, security firms advise. ®

External Links


Stats on the spread of the 'greeting card mass mailer'
by mail filtering firm MessageLabs. MessageLabs are blocking all emails associated with the program FriendGreetings.com is distributing.
Write up on the issue by AV vendor Sophos

5 things you didn’t know about cloud backup

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.