Advertisement
Promo

Industry watch Toolkit

Warning over e-card spam scam

Graham Hayday Silicon.com

Published: 25 Oct 2002 16:59 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

An e-card outfit has been accused of using a dubious social engineering trick to lure users into spamming all the contacts in their Outlook address book.

FriendGreetings.com has been sending out emails containing a link to its site. When a user clicks on it, they are invited to install an ActiveX control in order to view their e-card.

Two long end user licence agreements (EULAs) are then displayed which say that, by running the application, the user is giving permission for a similar email to be sent to all the contacts in their Outlook address book.

Several security companies including Integralis, MessageLabs and Sophos are warning that these EULAs will not be read by many visitors to the site, leading to a huge number of emails being sent.

Neither the email nor the program contain a virus and so may not be blocked by anti-virus software or firewalls. It is also open to debate whether FriendsGreetings.com is breaking the law.

Integralis said that since this spamming tactic has been employed once and is proving to be successful, it is likely that it will be copied and used again -- possibly to more damaging effect.

"Such methods of guerrilla marketing can pose a threat to an IT infrastructure by causing the mail server to flood as more and more employees open the link and download the software," the company said in a statement.

It added: "In this particular instance, the payload was not malicious but it would be easy to exploit the characteristics of this marketing exercise for just that purpose. In the run-up to the festive period, during which time the level of 'e-cards' being circulated will inevitably increase, companies need to be on guard against the potential threat that this poses to their organisation".

IT departments should warn users to read the terms of EULAs carefully before accepting them, Integralis said.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
29 out of 76 people found this useful


Talkback

Post a comment


Full Talkback thread

3 comments

  1. How can you tell if this is on your computer? If... Anonymous
  2. IF THIS IS ON MY COMPUTER, HOW CAN I TELL? IF IT... Anonymous
  3. I need to know the answer to this, too. Would any... Anonymous

Related Links

More In Industry watch


Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

Security Manager

Inside Sales Executive

Securtiy Analyst. West Malling, Kent.

Discussions

Xwindowsjunkie Xwindowsjunkie

Yeeeaaaaaaaaaah!!!!!!!!!!!!

Friday 10 July 2009, 3:49 AM

9 comments
hkommedal hkommedal

It is nice to see a hope for some comp...

Thursday 9 July 2009, 10:31 PM

3 comments
hkommedal hkommedal

About collecting data etc.

Thursday 9 July 2009, 10:18 PM

9 comments
Moley Moley

Re: Privacy Issues

Thursday 9 July 2009, 8:15 PM

9 comments

View All

Video icon

Video

Featured Talkback

When all is said, if Microsoft produce the best product people will buy it and thats a good thing. If people have to buy their product because no one else can produce an alternative, only because interoperability protocols are kept secret, then thats a bad thing.

By: pround

Read full story:
EU court crushes Microsoft's antitrust appeal


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters