Greeting Cards

[dra007]

I know I've posted examples of greeting cards before that have a virus payload if you make the mistake to click on their link. Since that time the numbers have exploded to 40-60 a day, mostly but not all recognized and defanged by my postini filter.. So what is the scoop, obviously they were intiated by a virus and spread, but you would think after 2 month people would clean up..

Here is an example analyzed today, that postini identified as containig X-pstnvirus: W32/Zhelatin.gen!eml:

http://www.spamcop.net/sc?id=z1377357039z6...34bd88096ae45cz

[StevenUnderwood]

you would think after 2 month people would clean up..

Have you done anything other than report the IP address through SpamCop? The owner of the infected machine probably does not even know they are infected.

I was brought a machine to upgrade the memory once that had multiple virus infections, to the point that as soon as you connected it to the internet, the machine ground to a halt. Without the internet it worked fine. When asked, they agreed the internet seemed slow but that they just thought the computer was old and needed the requested memory upgrade.

I traced one back to the infection point 3 years before (they still had the email with infected attachment). They (of course) had virus protection which had expired 6 months to the day they first purchased the computer. They did ask me why McAfee popped up every time they rebooted their computer. I almost did not give it back to them

[dra007]

That sucks, sometimes I have to wonder if my own machine is not infected and end up buying and downloading yet another program...spend more days checking and rechecking. As for reporting, the ISP where the e-mail originates should get a report unless they refuse to. Problem is that the origin covers the entire planet as far as geography, and the goes for both the injection IP and website holding the nefarious greeting card. I have to yet see a pattern. What seemed to be unusual, at least in the initial phase of this explosion (which is becoming as annoying as spam) was that they originated predominantly in India, but that soon changed.

As a rule virus attacks spike up and decline relatively rapidly. This one has reached a high plateau and is still creeping up. I haven't made a systematic list of the virus payload but that too seems to vary somewhat.

[rconner]

They did ask me why McAfee popped up every time they rebooted their computer. I almost did not give it back to them

To operate a motor vehicle in most places, you must pass a basic competency test, get a license, and carry liability insurance. Stories like this make me wonder whether it isn't time to do the same with home computers!

-- rick

[Telarin]

Use a computer all you want without a license, but you should need one before you can be plugged into an internet connection.

[dra007]

To come back to the greeting cards, if they are from spammers trying to enlarge their bot net I hope I am making a dent in their nefarious acts ....Of just about over 2000 websites I reported more than a quarter (580) have been suspended...( reported to and handled by knujon)!

[DavidT]

Of just about over 2000 websites I reported more than a quarter (580) have been suspended...( reported to and handled by knujon)!

Keep up the good work. My office's network is being hammered right now by the infected variety of the bogus greeting cards. I'm receiving more admin notifications from our anti-spam system than I've ever seen before.

DT

[craigt]

I'd been getting several hundred of these things a day until today -- apparently McAfee added them to their scan list as W32/Zhelatin.gen!eml and they are all filtered out.

Good and bad; I wasn't going to visit the virus sites from them any way and now I can't report them

Guess I'll just concentrate on the good that the amount of crap actually winding up in my inbox has dropped by a percent or two.