Sunday, December 09, 2007

Attention with e-cards!

It is the season to be wary. Sadly, malware authors are quick to seize on current events to cloak their social engineering attacks -- which typically involve tricking people into clicking on a malicious link or visiting a malicious Web page -- in an aura of legitimacy. So it seams again that the holiday season brings a surge in holiday-oriented scams as already new malware oriented e-cards started to appear.
Some of these e-cards are purportedly sent from a legitimate source and try to lure the victim to click on the link to view the e-cards, which have underlying tricks to try and infect the computer. With the Xmas bells starting to ring, the first incidents started to appear already. While these e-cards may appear to come from a familiar brand name, the "From:" field is forged. And the spammer responsible, perhaps aware that e-cards have acquired an air of disrepute, has even gone so far as to include the phrase "(no worm, no virus)" in the e-card's text, as if such an assurance made the message safe. ;-)

So in short, don't send fancy e-cards, just use plain text messages! They are much safer and to my opinion much nicer ... If everybody would do this, it could create at least a little bit a more safer internet.