Friendgreetings E-Card

Classification

Category :

Malware

Type :

-

Aliases :

Friendgreetings E-Card, E-Card, Friend greetings, Permissioned Media, W32/Aggressive_Marketing.Friendgreetings, Aggressive Commercial, Flooder.MailSpam.Friendgreetings, WORM_FRIENDGRT.A

Summary

At the end of October 2002 we started to receive reports from people who had received suspicious email messages.

Removal

Friendgreetings can be removed from the system by using the Add/Remove Programs applet in the Windows Control Panel. Uninstall both "Friend Greetings" and "WinSrv Reg".

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

These messages looked like this:

From:
To:
Subject: you have an E-Card from .

Greetings!
 has sent you an E-Card -- a virtual postcard from FriendGreetings.com.
You can pickup your E-Card at the FriendGreetings.com by clicking on the link below.
h t t p://www.friendgreetings.com/pickup/pickup.aspx?code=&id=
Message:
------------------------------------------------------------
,
I sent you a greeting card. Please pick it up.

------------------------------------------------------------

In many cases the <sender's name> was missing from a message.
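As an added example (not part of the original description and not F-Secure's detection logic), the message format shown above can be matched at a mail gateway on two indicators: the fixed subject prefix and a link to the pickup page. The function names and the sample messages are assumptions constructed for illustration; only the subject wording, the host and the pickup path come from the message above.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Indicators taken from the message shown above; all other names are assumptions.
SUBJECT_RE = re.compile(r"^\s*you have an e-card from\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
PICKUP_HOST, PICKUP_PATH = "friendgreetings.com", "/pickup/pickup.aspx"

def body_text(msg):
    """Join every text/* part so HTML-only mails are checked too."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def classify(raw_message):
    """Return the Friendgreetings indicators found in one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    hits = []
    if SUBJECT_RE.search(msg.get("Subject", "")):  # also matches a missing sender name
        hits.append("subject")
    for url in URL_RE.findall(body_text(msg)):
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        on_site = host == PICKUP_HOST or host.endswith("." + PICKUP_HOST)  # no look-alikes
        if on_site and parts.path.lower() == PICKUP_PATH:
            hits.append("pickup-link")
            break
    return hits

# Constructed samples: wording follows the message above; addresses and code/id are made up.
SAMPLE_ECARD = (
    "From: alice@example.org\nTo: bob@example.org\n"
    "Subject: you have an E-Card from .\n\n"
    "Greetings!\n has sent you an E-Card -- a virtual postcard.\n"
    "http://www.FriendGreetings.com/pickup/pickup.aspx?code=TEST&id=0\n"
)
SAMPLE_BENIGN = (
    "From: carol@example.org\nTo: bob@example.org\nSubject: Lunch on Friday?\n\n"
    "Menu: http://example.org/pickup/pickup.aspx?site=friendgreetings.com\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE_ECARD), classify(SAMPLE_BENIGN))
```

A message that carries both indicators is a strong match; the subject alone is weaker evidence, since it contains no site-specific text.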

When a recipient clicked on the link, the Friend Greetings Setup software was downloaded and activated on his computer. That software package was created by Permissioned Media Inc. for advertising purposes. This company appears to be operating from Panama.

During installation the Setup program shows a disclaimer that the software would access a user's Microsoft Outlook address book to send a message to all email addresses it contained.

If the user clicks the 'Yes' button, installation continues and the software sends emails in the user's name to all of his contacts.

If you've been hit by Friendgreetings and want to get rid of it, open Control Panel and use the "Add/Remove Programs" option to uninstall the applications "Friend Greetings" and "WinSrv Reg".

If you're a sysadmin and want to prevent your users from accessing Friendgreetings sites, you can block these web addresses at your firewalls:

List of known Friendgreeting sites (as of 8th of November 2002):

If you think Friendgreetings is harmful and unethical, we suggest you complain directly to the company developing and marketing it, Permissioned Media Inc. They can be contacted at:
