Jump to content

Greeting Cards


dra007
 Share

Recommended Posts

I know I've posted examples of greeting cards before that have a virus payload if you make the mistake to click on their link. Since that time the numbers have exploded to 40-60 a day, mostly but not all recognized and defanged by my postini filter.. So what is the scoop, obviously they were intiated by a virus and spread, but you would think after 2 month people would clean up..

Here is an example analyzed today, that postini identified as containig X-pstnvirus: W32/Zhelatin.gen!eml:

http://www.spamcop.net/sc?id=z1377357039z6...34bd88096ae45cz

Link to comment
Share on other sites

you would think after 2 month people would clean up..

Have you done anything other than report the IP address through SpamCop? The owner of the infected machine probably does not even know they are infected.

I was brought a machine to upgrade the memory once that had multiple virus infections, to the point that as soon as you connected it to the internet, the machine ground to a halt. Without the internet it worked fine. When asked, they agreed the internet seemed slow but that they just thought the computer was old and needed the requested memory upgrade.

I traced one back to the infection point 3 years before (they still had the email with infected attachment). They (of course) had virus protection which had expired 6 months to the day they first purchased the computer. They did ask me why McAfee popped up every time they rebooted their computer. I almost did not give it back to them ;)

Link to comment
Share on other sites

That sucks, sometimes I have to wonder if my own machine is not infected and end up buying and downloading yet another program...spend more days checking and rechecking. As for reporting, the ISP where the e-mail originates should get a report unless they refuse to. Problem is that the origin covers the entire planet as far as geography, and the goes for both the injection IP and website holding the nefarious greeting card. I have to yet see a pattern. What seemed to be unusual, at least in the initial phase of this explosion (which is becoming as annoying as spam) was that they originated predominantly in India, but that soon changed.

As a rule virus attacks spike up and decline relatively rapidly. This one has reached a high plateau and is still creeping up. I haven't made a systematic list of the virus payload but that too seems to vary somewhat.

Edited by dra007
Link to comment
Share on other sites

They did ask me why McAfee popped up every time they rebooted their computer. I almost did not give it back to them ;)

To operate a motor vehicle in most places, you must pass a basic competency test, get a license, and carry liability insurance. Stories like this make me wonder whether it isn't time to do the same with home computers!

-- rick

Link to comment
Share on other sites

To come back to the greeting cards, if they are from spammers trying to enlarge their bot net I hope I am making a dent in their nefarious acts ....Of just about over 2000 websites I reported more than a quarter (580) have been suspended...( reported to and handled by knujon)!

Edited by dra007
Link to comment
Share on other sites

Of just about over 2000 websites I reported more than a quarter (580) have been suspended...( reported to and handled by knujon)!

Keep up the good work. My office's network is being hammered right now by the infected variety of the bogus greeting cards. I'm receiving more admin notifications from our anti-spam system than I've ever seen before.

DT

Link to comment
Share on other sites

I'd been getting several hundred of these things a day until today -- apparently McAfee added them to their scan list as W32/Zhelatin.gen!eml and they are all filtered out.

Good and bad; I wasn't going to visit the virus sites from them any way and now I can't report them :(

Guess I'll just concentrate on the good that the amount of crap actually winding up in my inbox has dropped by a percent or two.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...