Greeting card virus brings bad tidings
Published: 13 Nov 2002 12:28 GMT
The FriendGreetings electronic greeting card, which has all the hallmarks of a mass-mailing computer virus and was first reported here, is raising the hackles of the Internet community.
The email misleads a victim into downloading an application -- ostensibly to view a Web card -- then sends itself to every email address in the victim's Outlook contacts file. At least a few systems administrators have complained in Usenet postings that the mass-mailing e-card was to blame for swamping their network.
Yet the creators -- Permissioned Media, a company apparently based in Panama -- will be hard to prosecute: the viral card is protected by a licence agreement that tricks unsuspecting users into clicking "Yes" and consenting to have the program send itself to all their email contacts.
"They are deliberately trying to hide something in a wrapping that they know people won't read," said Vincent Gullotto, vice president of security company Network Associates' antivirus emergency response team.
Without the licence agreement, the program would be considered a virus, but with the code wrapped in what could be a prosecution-proof vest, Gullotto is careful to avoid the term. "The unofficial name we have for it is a fishy program," he said.
The power of a button-click to transform a virus into a legal -- albeit questionable -- program has some attorneys worried that future Internet attackers could get protection using one of the software industry's best weapons: the click-wrap licence.
"This is a legal hack," said Jennifer Granick, a lawyer and clinical director for the Stanford University Center for Internet and Society. "It really raises the problems of online licensing and contracting. Companies haven't wanted to admit (that problems exist), because they get to write the licences and it benefits them."
The viral e-card is just the latest example of questionable software. In April, Kazaa users inundated Brilliant Digital Entertainment with complaints when they discovered that the most recent version of the company's 3D ad technology software, which is bundled with the Kazaa file-sharing program, contained licensing terms that allowed the company to claim "unused computing power and space" on a person's PC.
Another program, Gator, which tracks users and tailors ads to them, had been roundly criticised by users and advertisers alike.
Is it illegal?
However, if protected by a properly crafted licence, such applications aren't actually doing anything that's legally considered wrong. In the precedent-setting case Specht et al. vs Netscape Communications, the court found that two tests must be satisfied for a licence to be binding: the user must be aware of the licence, and the user must be required to accept it in some way.
The licence included in Permissioned Media's FriendGreetings e-card passes both tests.
The viral Web greeting card attracts users with an email masquerading as a message from an acquaintance and stating that an e-card awaits at a Web site, such as "Friendgreetings.com" or "Friend-card.com." The email contains a link that, when clicked, will begin to download the infectious program. A dialogue box says the program is necessary to view the e-card.
The installer requires that the user accept two end-user agreements that contain the following text, among other legalese: "As part of the installation process, Permissioned Media will access your MicroSoft(r) (sic) Outlook(r) Contacts list and send an email to persons on your Contacts list inviting them to download FriendGreetings or related products."
Many companies have already blocked access to Friendgreetings.com, but Permissioned Media has repeatedly changed the site's address and sent out a new batch of unsolicited email to users.
"It's getting sneakier," said Alex Shipp, senior antivirus technologist for UK-based email service provider MessageLabs. The latest iteration of the email -- the fifth, said Shipp -- caused a spike in the number of messages blocked by the company's anti-spam filter this past weekend.
Yet, the licence gave Shipp pause. "It's a very difficult call," he said. "It behaves exactly like a virus but because it has this disclaimer, some companies think they could get sued if they stop it like a virus."
In 1998, some antivirus companies started blocking a utility called NetBus, which allowed an administrator to control a remote system. Like BackOrifice, the utility soon became a favourite way for hackers to send commands to systems over which they had gained control. However, when the program's creator decided to start a company to sell the product, he hired a lawyer to go after any company that blocked the tool.
"Antivirus companies learned that they have to be careful what they block," Shipp said.
This time the lesson may be different, however; click-wrapped viruses may spotlight the flaws in the system.
The laws under which online vandals and cybercriminals are prosecuted specify that intrusions into computer systems have to be unauthorised. Yet, a Trojan horse or virus wrapped in a click-accept licence could make the access authorized, and therefore not a crime.
"The question is that, when most people admit they don't read them, can licenses really give authorisation," said Stanford's Granick. "If you are a prosecutor in a cybercrime case, you argue not."
But courts may have a tough time justifying that what goes for Microsoft and Brilliant Digital shouldn't also go for any other programmer, including a virus writer, Granick points out.
Not everyone is so sure, however. Network Associates' Gullotto wouldn't bet just yet that the laws are what will be altered. Users might just have to adapt instead, he said.
"Times are changing," Gullotto said. "People have to know what they are opening up in email."
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
47 out of 75 people found this useful
- Share this article:
