Avoiding the Ecard.EXE Virus

Common Sense Can Keep You Safe

G. Keith Evans
A malicious new virus has been circulating the Internet recently, trying to sneak into your computer's back door by posing as a friendly greeting from a loved one. As Americans celebrate Independence Day and others throughout the world are on edge over recent terrorist activity, the temptation to have our hearts touched by those close to us can be overwhelming. When opening e-cards, though, use common sense and protect yourself from this dangerous new virus.

The spam email looks innocent enough. With a common-looking subject line such as "You've received an e-card from a family member!" and an apparently well-known sender (such as e-card giants AmericanGreetings.com, BlueMountain.com and Hallmark.com), it's easy to fall victim by opening the email.

Fortunately, this virus requires you to do a little more than open the email in order to download the harmful virus software. This step is where common sense plays a factor:

First and foremost, if you ever receive an email like the one described above, DO NOT click the link! HTML links are very easily masked to resemble reputable companies. Hovering your mouse over the link, though, will show you that the link actually points to someone's IP address (likely somewhere overseas and out of American jurisdiction) instead of to the company where the e-card supposedly originated. Never clicking on links in unsolicited emails is the first rule of keeping your computer safe. If you absolutely must know if the link is valid, highlight the link, copy it and paste it directly into your browser's address bar.

After following that general rule, here are a few more common-sense guidelines which, if followed, can keep your computer safe:

Telltale warning signs:
--The subject line says, "a family member" instead of a specific person's name. If someone had actually sent you a card, the system would know their name and would list it instead of a generic term.

--As mentioned above, the hyperlink may have an IP address instead of a domain name. If the link were legitimate, it would start with http://www.americangreetings.com instead of http://xx.xx.xx.xx/somethinglonghere.

--The "reply-to" address goes back to some unknown server, NOT AmericanGreetings.com. The "reply-to" address is very easily spoofed, but email readers should be cognizant of any mismatches between the apparent sender address and the "reply-to" destination.

--The phrase "If you wish to keep the ecard longer, you may save it on your computer or take a print." is very poor English. A reputable company will not use poor grammar such as "take a print."
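The link and reply-to signs above can also be checked mechanically. The following is an added example, not part of the original article: it parses a constructed message and reports an IP-address link, a link whose visible text names a different host than its real target, and a reply-to domain that does not match the sender. The function names, the sample message and the single-part HTML body are assumptions made for the illustration.

```python
import ipaddress
from contextlib import suppress
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE = """\
From: "AmericanGreetings.com" <postcards@americangreetings.com>
Reply-To: postmaster@mail.example.net

<a href="http://192.0.2.10/?card=constructed">http://www.americangreetings.com/view</a>
"""  # constructed sample; 192.0.2.10 is a documentation-only address

class LinkCollector(HTMLParser):  # gathers [href, visible text] per <a>
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def host_of(url):  # also accepts bare text such as www.example.com
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def domain_of(header):  # domain part of an address header, "" if absent
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def warning_signs(raw_email):
    msg, signs = message_from_string(raw_email), []
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply and reply != sender and not reply.endswith("." + sender):
        signs.append("reply-to-mismatch")
    parser = LinkCollector()
    parser.feed(msg.get_payload())  # assumes a single-part HTML body
    for href, text in parser.links:
        host, shown = host_of(href), text.strip()
        with suppress(ValueError):  # raised when host is not an IP literal
            ipaddress.ip_address(host)
            signs.append("ip-address-link")
        if "." in shown and " " not in shown and host_of(shown) != host:
            signs.append("masked-link")
    return signs
```

Calling warning_signs(SAMPLE) reports all three signs; a message whose link text and target agree, and which has no mismatched reply-to header, returns an empty list.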

Remember, just a little bit of common sense can keep you virus-free!

** An example of the unsolicited email follows. I have taken the liberty of replacing the malicious IP address with an innocuous IP address that will connect to your own router if you have one. **

> Subject: You've received a postcard from a family member!
> Date: Sat, 30 Jun 2007 01:08:18 +0530
>
>
> Good day.
>
> Your family member has sent you an ecard from americangreetings.com.
>
> Send free ecards from americangreetings.com with your choice of colors, words and music.
>
> Your ecard will be available with us for the next 30 days. If you wish to keep
> the ecard longer, you may save it on your computer or take a print.
>
> To view your ecard, choose from any of the following options:
>
> --------
> OPTION 1
> --------
>
> Click on the following Internet address or
> copy & paste it into your browser's address box.
>
> http://192.168.1.1/?b848ca9a885b5e6291c3de8293ec696
>
> --------
> OPTION 2
> --------
>
> Copy & paste the ecard number in the "View Your Card" box at
> http://192.168.1.1/
>
> Your ecard number is
> b848ca9a885b5e6291c3de8293ec696
>
> Best wishes,
> Postmaster,

Published by G. Keith Evans

Born in the mountains of East Tennessee, G. Keith Evans now pursues the ideals of Responsible Liberal Journalism from his office outside of Orlando, FL. His book, Appearances: The Art of Class, can be purcha...

14 Comments

  • Hairy Mary 8/10/2007

    The virus is also known as W32.Nuwar.GU worm, and basically spreads itself by rummaging through certain files on the filesystem looking for email addresses, and then sending a short email to all of these addresses. Nasty little sucker. The description in the earlier comment about how to remove it seems to work. Again, like others not on Windows machines, I laugh.

  • cookie 8/2/2007

    I stupidly copied and pasted the link. A page opened with a pop up download box for the ecard. Instead of clicking open I clicked cancel. Did I download the virus anyway?

  • Bill Gates 7/27/2007

    I have a Mac so I just laff this one off.

  • Frank 7/27/2007

    Found this, found a way to remove it. Here it goes.

    1. Disable System Restore

    2. Boot into safe mode (possibly didn't try doing it without)

    3. Once in safe mode go to device manager (in system properties)

    4. Click view and 'Show Hidden Devices'

    5. Find the device under 'non plug and play devices' that looks suspicious, I've seen variants that start Windev - four random characters - four random characters, and some that start vdo - somethings - something

    6. Uninstall this device

    7. Browse to your C:\windows\system32 directory and find the file name that corresponds to the device that was shown in device manager and delete it

    8. Search the registry for that same string, and delete all references, there should be one in current config, and somewhere else I believe.

    This process worked for me, hopefully it will work for other people

  • Dave North 7/24/2007

    Hey...I received one of these today and decided...what the heck...I downloaded to my smartphone (Dash phone)..The file size is 95.2 KB and will not execute under Windows mobile OS I have..Just thought I'd share..
    If you are going to click links, don't do it on a computer you can't afford to rebuild..

  • Sammy Reed 7/7/2007

    What happens to your computer if you open the file?

  • Jim Stillman 7/7/2007

    This is an excellent warning. I, too, have been bombarded. The Snopes article is very helpful, also. I always check this site first and recommend everyone's subscribing to the Snopes newsletter.
    http://www.snopes.com/computer/virus/postcard.asp

  • Chris M. Carmichael 7/4/2007

    I've been getting a lot of these lately. Great article

  • rebekah o'neal 7/4/2007

    haven't gotten any yet, i don't think...but it wouldn't make it through my filter, so i'm safe. although it does make me wish i had a mac a little more, lol

  • Donna Porter 7/4/2007

    I received one from 123Greetings.com - I almost clicked on it as I'd just sent a greeting from there an hour previous. Good info for everyone!
