You Have Received a Greeting Card From . . . a Spammer

By Sam Diaz and Alejandro Lazo
Washington Post Staff Writers
Saturday, July 21, 2007

Internet spammers launched a widespread attack on e-mail inboxes this month. But instead of trying to lure users into opening a corrupted attachment, they're concealing a computer virus in a link to an online greeting card.

Postini, an e-mail security company, said it has seen about 275 million such messages since July 2.

On average, the company sees about 700,000 viral e-mails per day worldwide. This week, there have been as many as 35 million in a single day because of the spike in e-card spam, said Adam Swidler, a senior vice president of Postini.

This week, the FBI warned consumers about greeting-card spam; earlier this month, the Federal Trade Commission held a summit on the growth of malicious e-mail. Symantec, an antivirus company, also said it has seen a proliferation of online-greeting-card scams recently.

"It is just the latest trick for attackers to get users to install malicious software on their machines," said Zulfikar Ramzan, senior principal researcher for Symantec. "I think attackers have come to realize simple is good."

In most cases, the subject line informs recipients that they've received a greeting card or a postcard from a "friend," "family member," "worshipper," "school-mate" or "neighbour." When the e-mail is opened, there's a link to a Web site that uploads a virus to the recipient's computer.

This latest attack highlights a new way in which spammers can distribute damaging software that can compromise computer owners' security and privacy. Now that consumers generally know about the dangers of opening attachments from unknown senders, some hackers have turned to using links instead. Web site links don't generate the same level of suspicion among Internet users, as consumers regularly send online gift cards, share online photo albums and offer birthday wishes via e-mail.

"It's a good lure," said David Marcus, a security research and communications manager for McAfee, a maker of antivirus software. "It's standing a better chance to get somebody to click."

Users of infected computers have few choices beyond buying and installing software to scan and clean their hard drives. Those who receive a purported greeting-card e-mail -- but don't recognize the sender -- are instructed to simply delete the e-mail.

American Greetings, which offers an online greeting-card service, posted a warning on its Web site. The company is reminding customers they don't have to click on a link; they can retrieve legitimate greeting cards by going directly to the company's site.

© 2007 The Washington Post Company