Attachment Threats: Malware from e-cards
February 1, 2010 | By Damon Armour, IT Security Officer
A series of emails went out to campus users recently that appeared to be Hallmark e-cards. In actuality, they were coming from computers on campus that had been infected by malware, which is software designed for malicious purposes. The email originators were hoping the recipients would click on the embedded links and download malware instead of greeting cards. In this case, the bad guys were trying to take advantage of the reputation of Hallmark to entice the recipients to click.
The January incident began with the exploitation of a couple of individuals' computers, then spread to countless users across campus. The malware appears to take advantage of a user's address book to send out copies of the e-card message. Therefore, those who clicked on the attachment and opened it started the process over again. It only takes a few users for this to spread quickly across the campus.
Once Information Technology Services (ITS) was notified and recognized the incident, steps were taken to lessen the spread of the outbreak. ITS identified the infected computers and took the necessary steps. These steps included disabling network access for these systems and providing in-person or over-the-phone assistance to remove the malware.
The challenge in an incident such as this is the communication of what to click and what not. This incident provides an excellent example that all items in your inbox from unknown sources should be looked at with caution. That same day, along with the “Hallmark e-card” messages, we saw examples of fraudulent Amazon offers and Twitter Hi5 invitations. This was just an expansion of the exploiters’ net to catch more.
Hallmark has had cases of e-card fraud over the last year or two and has posted a useful site to assist users. This site can be found at: http://www.hallmark.com/webapp/wcs/stores/servlet/article|10001|10051|/HallmarkSite/LegalInformation/FAQ_ECARD_FRAUD_ALERT
Hallmark's site discusses three major items for your protection. First, Hallmark does not send attachments in its e-cards. Second, its messages will not use generic terms, but will actually contain the name of the person sending you the card. Lastly, the URL (web address) within a Hallmark card will reference a Hallmark website and not redirect you to a third-party site. Armed with this knowledge, many cases of e-card fraud can be avoided.
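The three clues above can also be applied automatically when triaging reported mail. The following is an added example, not code from ITS or Hallmark; the generic-phrase list, the helper names and both sample messages are constructed assumptions.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "hallmark.com"  # clue 3: links must reference a Hallmark website
# Assumption: wording treated as a "generic term"; tune for your own mail.
GENERIC_SENDERS = ("a friend", "a family member", "someone", "a colleague")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def _is_trusted(url):
    """True only for hallmark.com itself or a real subdomain of it."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:  # unparsable URL: treat as untrusted
        return False
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def ecard_red_flags(msg):
    """Return the article's fraud clues that this e-card message trips."""
    flags = []
    if any(True for _ in msg.iter_attachments()):  # clue 1: no attachments
        flags.append("attachment")
    text = "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_maintype() == "text"
                     and not p.is_attachment())
    if any(phrase in text.lower() for phrase in GENERIC_SENDERS):  # clue 2
        flags.append("generic_sender")
    if any(not _is_trusted(u) for u in URL_RE.findall(text)):  # clue 3
        flags.append("off_site_link")
    return flags

def make_sample(body, attachment=None):
    """Build a constructed test message (not real campus mail)."""
    msg = EmailMessage()
    msg["Subject"] = "You've received an E-Card"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

# Constructed samples: a lookalike host with an attachment, and a clean card.
FAKE = make_sample("A friend has sent you an e-card: "
                   "http://hallmark.com.cards.example/view", "card.zip")
REAL = make_sample("Jane Doe sent you a card: http://www.hallmark.com/ecard/pickup")

if __name__ == "__main__":
    print(ecard_red_flags(FAKE), ecard_red_flags(REAL))
```

The host comparison is done on the parsed hostname, so a lookalike such as `hallmark.com.cards.example` or a path that merely contains `hallmark.com` is still flagged.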
Another method of mitigation is to make sure your anti-virus and anti-spyware tools are up-to-date. On campus, your computer will receive the updated definitions that make your tools effective in most cases. But in other cases, such as our mobile users or at-home systems, careful evaluation of your status may be necessary. If you are unsure how to check the status of your anti-virus and anti-spyware tools, please contact the ITS Help Desk (706-737-1482) for assistance.
The lesson to be learned from the recent e-card episode is that caution should always be applied when dealing with email from unknown or unexpected sources. This example took full advantage of us all wanting to receive a card to make the day better. In the future, look for the clues mentioned above to spot a fraudulent email. If you are not sure, take a moment to ask a peer or contact the ITS Help Desk at 706-737-1482. In the end you could be sparing yourself, and the campus, a great deal of frustration by using good judgment and the delete key. If you have questions or comments, contact firstname.lastname@example.org.