Fake E-card message?

[pob14]

I keep getting these messages from a .hk domain that say:

Quote:

Good day.

Your family member has sent you an ecard from *****.hk.

Send free ecards from *****.hk with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days. If you wish to keep
the ecard longer, you may save it on your computer or take a print.

To view your ecard, choose from any of the following options:

--------
OPTION 1
--------

Click on the following Internet address or
copy & paste it into your browser's address box.

http://*****

--------
OPTION 2
--------

Copy & paste the ecard number in the "View Your Card" box at
http://*****.hk/

Your ecard number is
******

Best wishes,
Postmaster,
*****.hk

*If you would like to send someone an ecard, you can do so at
http://****.hk/

Now, as it happens, we do have a family member who travels to Hong Kong fairly often, but she's not in HKG now, and the "your family member" language (instead of an actual name) would make me suspicious anyway. So I've just been deleting these. (Not even a little tempted to "take a print"!)

But does anybody know what's up with this? Are they some marketing thing, a virus, or what? A search for the domain name (which I've deleted above) shows nothing.

[Ariadne]

I don't know, but I got one of these recently, too. I deleted it, since it was on my free excite account, on which I get mostly junk mail. My family and friends use my msn account.


ETA:
Woohoo...500th post!

[justusfour]

I've received 8 of those in the past two weeks - not to the same email address but to 3 of the "junk" email addresses I use. I am curious as to what happens, but I'm not about the be the guinea pig!

[James G]

Yep, had a couple of those myself. Deleted it but was vaguely curious as it didn't look like the usual fake E-card spam.

[tribrats]

Don't click the link! It starts a self downloader and the only way to stop it is to turn off the computer manually. I found out the hard way. Went to put the link in the Google bar and managed to put it in the address bar instead.

When I booted back up, I scanned the partial that did download and it was a Trojan.

[James G]

Quote:

Originally Posted by tribrats

Don't click the link! It starts a self downloader and the only way to stop it is to turn off the computer manually. I found out the hard way. Went to put the link in the Google bar and managed to put it in the address bar instead.

When I booted back up, I scanned the partial that did download and it was a Trojan.

Eeep, I'd probably be safe as I use Opera, but even so that shouldn't be happening even in IE. Seems like it must be exploiting some unpatched flaw, I wonder if MS know.

[tribrats]

It's worse than that! I use Mozilla! I couldn't stop the download. It kept right on going no matter what I did. I haven't seen anything like it before. I opened the downloads window and it wasn't on there. I couldn't find a way to end the download! I probably could have if I found it on the Task Manager but I didn't want to wait for it to come up. Everything was running so slow. So I manually turned it off.

[Fantine]

I've gotten five or six of those in the past week on my work e-mail (set up on Outlook), and immediately deleted them. I didn't recognize the domain, it didn't specify the name of the family member, and most importantly, my family doesn't have my work e-mail address!

[James G]

Quote:

Originally Posted by tribrats

It's worse than that! I use Mozilla! I couldn't stop the download. It kept right on going no matter what I did. I haven't seen anything like it before. I opened the downloads window and it wasn't on there. I couldn't find a way to end the download! I probably could have if I found it on the Task Manager but I didn't want to wait for it to come up. Everything was running so slow. So I manually turned it off.

Wow, that is bad. Possibly an exploit in flash or something.

You know the really silly thing is that this is making me even more tempted to check out the site and see if I'm vulnerable.

'Mummy, I want to see the nasty trojans. Awww, why can't I see the malware?'

[KathyB]

A bit of Googling results in this: this is an ongoing deal. Various legit ecard companies get their name used in the email. It installs Storm Worm according to the techies at Wright State University

[zman977]

I've get at least one of these a day at home and at my work email. I just delete them.

[tribrats]

I have been getting them from "a family member" and the other day I got one from "a colleague". Yeah, right! I'm a SAHM so the only "colleague" I have is Hubby and he can barely figure out how to turn the machine on much less send anything!

[STF]

I've heard that fake e-cards are an effective tool for hackers as this thread shows.

[charlie23]

I manage a couple of PHPbbs boards, and I'm getting about 10 of these per day presumably from a spambot that I can't figure out how to block. Fortunately Kaspersky caught the first one...although it was a different Trojan than Storm. I've filtered the rest by subject line. Be careful, because there seem to be a lot of variants on the hijacker.

http://asert.arbornetworks.com/2007/...tcard-malware/ has a good explanation of what happens with or without JavaScript if you click a link in one of those emails. There are some related links at the bottom of that page for those who want to learn more.

[tribrats]

Got one today from "a classmate". I can't think of a single classmate that would send me an ecard. Especially 17 years after graduation!

[BlueStar]

Got one today from a "neighbour". Dunno why the crazy cat lady next door wouldn't just pop round but hey.

[BluesScale]

If you get any of these that you think are malicious, please feel free to forward them to me and I will make sure that they are investigated and, if possible, taken down.

My non-work email address is markalong64@hotmail.com

Yes, I WANT you to send me links to malware :-)

Thanks

Blues

[Bee]

Hey, I received one from a worshipper!! I didn't know I had any of those!

I've been getting 2-3 a day lately, but this one takes the cake.

Bee

[pob14]

Quote:

Originally Posted by BluesScale

If you get any of these that you think are malicious, please feel free to forward them to me and I will make sure that they are investigated and, if possible, taken down.

My non-work email address is markalong64@hotmail.com

Yes, I WANT you to send me links to malware :-)

Thanks

Blues

I'm getting several a day as well. You want 'em, you got 'em!