Christmas greetings can tempt you into a malware trap
Danger from Xmas spam and rigged e-greeting cards
Sending Christmas greetings to friends and acquaintances by e-greeting card or email becomes more popular every year. However, annual holidays are also a fixed date in the business diaries of spam distributors. G Data is therefore expecting a marked increase in spam with a Christmas or New Year flavour. The perpetrators use counterfeit e-cards and modified e-card web pages to distribute malware, infect the receiving computers with malicious code and bring them under their control.
Time and again, spammers distribute counterfeit e-cards on special occasions and national holidays. The experts at G Data are already receiving an increased number of variants of dangerous Christmas and New Year greetings.
Ralf Benzmueller, manager of G Data Security Labs: "The number of counterfeit greeting cards has not changed significantly from last year; however, we are again seeing a seasonal increase in Christmas e-cards. The scamsters hope that especially at Christmas they will achieve a high success rate, because at a time when people are celebrating love and hope they are expecting to receive greeting cards rather than anything else and hence will possibly click on attachments or links without thinking."
Keep an eye on the subject field
Genuine providers of online greeting cards give the complete name of the sender in the subject field. Greeting cards originating "from a friend", "from a neighbour", "from a colleague" or any other such anonymous source should be ignored and immediately placed, unread, in the trash can. Spelling and grammatical errors in the subject field or text of the email are also a sure sign of scam mail.
Screenshot 1: Dangerous Christmas mail entices the reader to an infected website
Delete attachments and look at links carefully
In some greeting cards, the greeting is apparently attached to the email as a file. Such e-cards should simply be deleted. Genuine providers of electronic greeting cards do not send greeting mails with attachments.
You should also be suspicious if, after clicking the link in such an email, you are asked to download a file. However, even if the website behind the link appears unsuspicious at first glance, malware can get onto the computer unnoticed.
A further way of smuggling malware onto the computer of the e-card recipient is a request to update the Flash player, some other MP3 player software or a codec. As soon as the bogus greeting card page has been called up, a pop-up window opens with a download link to an apparent update. Software updates should never be installed via such pop-ups; they should always be downloaded directly from the producer.
Infected e-card websites have also been found
However, the risk of infection does not lurk only among incoming cards. G Data has also discovered infected e-card sending sites. A disguised script was found on the website shown below which, unbeknown to the visitor, guided the browser to a malware server and thus infected the computer via a drive-by download.
Screenshot 2: An infected e-card website
The consequences of an infection
In one example, malware such as a Trojan horse can infect the system through any of these paths and can then read the personal data of the user.
In a further example, computers may end up recruited into a botnet so that they can then be remotely controlled by the perpetrator. It is then possible to use the PC itself as a spam distributor or malware spreader.
Protection tips:
- Delete e-cards from unknown senders without reading them
- E-card mail with excessive numbers of spelling and grammatical errors should also be deleted
- Also delete greeting card emails with attachments without opening them
- Do not click on any highlighted links in mails without first considering the consequences
- Only load program updates from the producer websites
Press contact
Email: presse@gdata.de
Telephone: 0234 / 97 62 - 0
