#1
Please proceed with caution over the next few weeks when receiving an "E-Card"....
This little gem will help itself to all the addresses in the PC of the unwary, to peddle its trash. The spammers are now in the trojan business? (I have added this nasty (friendgreetings.com) to my restricted list.) I can't believe no one has shut them down. Read all about it here: http://www.msnbc.com/news/826033.asp...223F6Z0-&cp1=1
__________________
"Dogs need to sniff the ground; it's how they keep abreast of current events. The ground is a giant dog newspaper, containing all kinds of late-breaking dog news items, which, if they are especially urgent, are often continued in the next yard." - Dave Barry
#2
Quite so, Old Sixteen.

Sophos alerted this way:

"SOPHOS ADVISES ON UNWANTED "E-CARDS" FILLING EMAIL INBOXES

It's not a virus, it's not a worm.. but it could be considered a nuisance

Sophos technical support has received a significant number of calls from customers concerned about a widespread email which invites users to pick up an "E-Card" from a website called FriendGreetings.com.

If users follow the link in the email, they are invited to install an ActiveX control onto their computer. An end-user license agreement (EULA) is displayed stating that by installing the application the user is giving permission to send a similar greeting card to all addresses found in the user's Outlook address book.

Of course, many users will not read the EULA thoroughly and will simply give permission for the ActiveX control to be installed, thus allowing many unwanted emails to be sent.

The emails arrive with the following characteristics:

Subject: <Recipient name> you have an E-Card from <Sender name>

Body: Greetings! <Sender name> has sent you an E-Card - a virtual postcard from FriendGreetings.com. You can pick up your E-Card at the FriendGreetings.com by clicking on the link below.

<A url at wwx.friendgreetings.com is then displayed>

Message:
----------------------------------------------------------
<Recipient name> I sent you a greeting card. Please pick it up.
<Sender name>
----------------------------------------------------------

It should be noted that this is not a virus or a worm, and that the email has no attachment.

Customers with web proxies who are concerned about users forwarding unwanted emails may like to consider blocking access to wwx.friendgreetings.com.

The website is run by a Panamanian company called Permission Media, Inc. Companies who receive unwanted email as described above may wish to complain directly to Permission Media."

regards.
paul
__________________
01110010 01100101 01100111 01100001 01110010 01100100 01110011 00100000 01110000 01100001 01110101 01101100
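The two characteristics listed in the advisory quoted above (the subject template and a link to friendgreetings.com) can be combined into a mail-filter check. The Python below is an added example, not part of the thread or of the Sophos advisory; the function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Subject template quoted in the advisory:
#   "<Recipient name> you have an E-Card from <Sender name>"
SUBJECT_RE = re.compile(r"^.+ you have an E-Card from .+$", re.IGNORECASE)
DOMAIN = "friendgreetings.com"  # site named in the advisory
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def body_text(msg):
    """Join all text parts, undoing base64/quoted-printable encoding."""
    chunks = []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        chunks.append((part.get_payload(decode=True) or b"").decode("latin-1"))
    return "\n".join(chunks)

def links_to_domain(url):
    """True if the URL's host is the domain or a subdomain, not a lookalike."""
    try:
        host = (urlparse(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed host, e.g. unbalanced brackets
        return False
    return host == DOMAIN or host.endswith("." + DOMAIN)

def invite_indicators(raw_message):
    """Return which of the advisory's two characteristics a message shows."""
    msg = message_from_string(raw_message)
    hits = []
    if SUBJECT_RE.match(msg.get("Subject", "").strip()):
        hits.append("subject")
    if any(links_to_domain(u) for u in URL_RE.findall(body_text(msg))):
        hits.append("link")
    return hits

# Constructed sample messages (not captured mail).
INVITE = (
    "Subject: Pat you have an E-Card from Sam\n\n"
    "Greetings! Sam has sent you an E-Card.\n"
    "http://friendgreetings.com/pickup?id=EXAMPLE\n"
)
LOOKALIKE = "Subject: Lunch on Friday?\n\nSee http://friendgreetings.com.example.org/menu\n"
```

Matching on the parsed host rather than on a substring keeps a lookalike such as friendgreetings.com.example.org from being flagged.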
#3
ON LINE GREETING CARDS ARE "NOT" FOR YOU!

If you get an email to pick up greeting cards you have TWO new exploits to consider. One is a trojan, the other is a worm, and if some of your friends fall for them and get infected.... you will end up with email of the same variety.. and on the second one your friend will have already given out your email address in the process.

Troj/Ortyc. It opens pop-up windows of pornographic sites.

This Trojan, when executed, opens windows (pop-ups) towards pornographic sites. This happens while you use Internet Explorer to surf and happens practically any time you visit any site. The "trigger" is a series of key words found in the visited site, which are compared with its own list, incorporated into the code of the trojan. The trojan can arrive at our PC in an electronic message that announces an electronic greeting card that somebody has sent to us.

Name: Troj/Ortyc
Type: Trojan horse
Alias: Ortyc.Trojan, Cytron
Date: 24/oct/02
Size: 122.880 bytes
Platform: Windows 32-bits
(see here) http://www.dslreports.com/forum/rema...ty,1~mode=flat

__________________________

Similar type of exploit, this one a worm that steals all the names from your address book.

Name: FriendGreetings (Friendgr)
Type: Worm of Internet
Alias: Friend_Greeting@mm, Iworm.Friendgr, WORM_FRIENDGRT.A, Friendgreetings
Date: 25/oct/02
(see here) http://www.dslreports.com/forum/rema...ty,1~mode=flat
__________________
Missing Kids http://www.bigcatrescue.org/
#4
Hi,
Just to let everyone know friendgreetings.com is in the ie-spyad list for restricted sites. Boy do I like that.
Loki
__________________
"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it." - Thomas Paine
#5
We had our first member come up with Troj/Ortyc (opens pop-ups of pornographic sites) on his system last night.
Posting this link for all of us here to get some ideas how hard it seems to clean this one off. I think in the next week all the AV/AT houses will have it down pat... some might be able to do it now... as we all know that cockpit error always comes into play when you are angry and want the bugger gone. But it was interesting.

Help!! This Cytron browser hijacker crap keeps
http://www.dslreports.com/forum/rema...ty,1~mode=flat
__________________
Missing Kids http://www.bigcatrescue.org/
#6
About Cytron/Burnaby/E-Card, here's some more info: http://and.doxdesk.com/parasite/Cytron.html

We've been seeing a lot of it indeed. It installs the following Browser Helper Object:

{3750BFA3-1392-4AF3-AF86-9D2D4776E5A4}: potd.dll

If you disable or delete that one, that should get rid of it.

Cheers,
__________________
Tony
CLSID List - A Collection of Autostart Locations
#7
Additionally, here's the E-Card ActiveX object, which needs to be deleted in Downloaded Program Files as well:

[TargetingSource Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\potd.dll
CODEBASE = http;//www.surprisecards.net/e-card_viewer.cab
__________________
Tony
CLSID List - A Collection of Autostart Locations
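To check a machine for the Browser Helper Object and DLL named in the last two posts, the registered BHOs can be listed from a registry export and matched against the reported CLSID and file name. The Python below is an added example, not code from the thread; it assumes the standard BHO and COM registration keys and the regedit text export format, and the sample export (including the second CLSID and its path) is constructed.

```python
# Values reported in the thread above.
REPORTED_CLSID = "{3750BFA3-1392-4AF3-AF86-9D2D4776E5A4}"
REPORTED_DLL = "potd.dll"
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
           r"\CurrentVersion\Explorer\Browser Helper Objects").upper()
CLSID_KEY = r"HKEY_CLASSES_ROOT\CLSID"

# Constructed sample in regedit export format (real exports are UTF-16).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3750BFA3-1392-4AF3-AF86-9D2D4776E5A4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]

[HKEY_CLASSES_ROOT\CLSID\{3750BFA3-1392-4AF3-AF86-9D2D4776E5A4}\InprocServer32]
@="C:\\WINNT\\Downloaded Program Files\\potd.dll"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\Example\\toolbar.dll"
"""


def parse_reg(text):
    """Parse export text into {KEY PATH (upper-cased): {value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            # "@" is the default value; string data doubles its backslashes.
            current[name.strip('"')] = data.strip('"').replace("\\\\", "\\")
    return keys


def audit_bhos(text):
    """Return (clsid, dll_path, flagged) for each registered BHO."""
    keys, rows = parse_reg(text), []
    for key in keys:
        clsid = key[len(BHO_KEY) + 1:]
        if not key.startswith(BHO_KEY + "\\") or "\\" in clsid:
            continue
        server = keys.get(f"{CLSID_KEY}\\{clsid}\\INPROCSERVER32", {})
        dll = server.get("@", "")
        flagged = (clsid == REPORTED_CLSID
                   or dll.lower().endswith("\\" + REPORTED_DLL))
        rows.append((clsid, dll, flagged))
    return rows
```

Flagging on either the CLSID or the DLL name also catches a copy of potd.dll registered under a different class ID.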