E-postcards endanger your computer
Date: August 14, 2007
The UW is receiving a large and growing volume of a new type of dangerous email. Messages that say "a postcard is waiting for you, just click here," or something similar, are trying to entice you to visit a Web site capable of attacking your computer.
Do not click on any links or go to any Web addresses in such messages!
Your computer is likely to be attacked by sophisticated programs designed to search for weaknesses in your computer's configuration and use them to inject viruses or bot programs into your computer. Simply visiting the Web page will cause an attack, even without clicking on anything in the page.
Although up-to-date, well-maintained computers with current anti-virus software are less vulnerable, even they might be infected by such sites.
What do they look like?
A recent fake postcard message had the following text:
Subject: Animated postcard
School friend(tht_2020@shaw.ca) has created Animated postcard
for you at xxxxxx.com.
To see your custom Animated postcard, simply click on the
following link:
http://xx.xx.xxxx.x/
Send a FREE greeting card from xxxxxx.com whenever
you want by visiting us at xxxxxx.com
This service is provided and hosted by xxxxxx.com.
Because these messages are simple text (which varies from message to message) and do not contain any recognizable viruses themselves, they are difficult for anti-virus and anti-spam programs to identify. UW Technology is constantly updating the attack and virus detection systems for UW Email to try to stop as many of these messages as possible, but large numbers are still getting through.
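The traits of the sample message above can be turned into a simple mail-triage heuristic. This is an added example, not UW's filter: it assumes the redacted link in the sample is a bare numeric address that differs from the service the text names, and the addresses and domains in it are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

LURE = re.compile(r"\b(?:e-?card|postcard|greeting card)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
ADDR = re.compile(r"\S+@\S+")
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

# Constructed sample modelled on the quoted message; hosts are placeholders.
FAKE = ("Subject: Animated postcard\n\nSchool friend(friend@mail.example) has created "
        "Animated postcard for you at cards.example.\nhttp://192.0.2.15/\n")

def link_host(url):
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed bracketed host
        return ""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True

def triage(raw):
    """Return the reasons a raw message resembles the fake-postcard lure."""
    msg = message_from_string(raw)
    body = "\n".join(str(p.get_payload()) for p in msg.walk()
                     if p.get_content_type().startswith("text/"))
    hosts = {link_host(u) for u in URL.findall(body)} - {""}
    # Domains the prose names, ignoring links and mail addresses.
    named = {d.lower() for d in DOMAIN.findall(ADDR.sub(" ", URL.sub(" ", body)))}
    suffixes = tuple("." + n for n in named)
    reasons = []
    if LURE.search(msg.get("Subject", "") + "\n" + body):
        reasons.append("postcard lure wording")
    if any(is_ip_literal(h) for h in hosts):
        reasons.append("link to bare IP address")
    if named and any(h not in named and not h.endswith(suffixes) for h in hosts):
        reasons.append("link host differs from named service")
    return reasons

def is_suspicious(raw):
    reasons = triage(raw)
    return "postcard lure wording" in reasons and len(reasons) > 1
```

Because the wording varies from message to message, a match is a reason to hold a message for review, and a miss does not mean the message is safe.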
How do these attacks work?
Called "drive-by attacks" or "drive-by downloads," these attacks are particularly dangerous because simply visiting a page can cause an attack, and the attack can take place without any apparent indication to the computer user.
When you visit a Web page with the attack code embedded in it, the attack program uses security flaws (if found) in your browser to quickly and systematically check for hundreds of possible weaknesses in your computer. If any are found, a file is uploaded, infecting your computer. Some of the uploaded programs are likely to be "bots," programs that run on an infected computer and can respond to commands sent from elsewhere on the Internet. Such bots are responsible for a large part of email spam. The presence of such infections is often not apparent to the computer user and may even be hidden from any anti-virus programs the computer is running.
Questions
How can I tell if a postcard message is good or bad?
You should be suspicious of ANY email message containing Web addresses! Anything about the message (wording, colors, graphics, logos, etc.) can be faked. That said, if the message is expected and is like legitimate messages you have received before, it MAY be legitimate.
What can I do to prevent a drive-by attack?
For all kinds of computers, install all the operating system and software updates as soon as they become available. Many of the updates address the known vulnerabilities the attack programs are looking for. Also, install and run an anti-virus program (faculty, staff, and students can download McAfee anti-virus free) and keep up with all the data file updates.
More Information
- Every Computer Needs Management - Good management of your computer is your best protection against attacks and infections.
- W32/Zhelatin.gen!eml - McAfee. Many of the fake postcard messages appear to be of this type.
- So Long Script Kiddees - Information Security Magazine. Attacks on computers are becoming more sophisticated and professional. The days of naive script-kiddees are gone.
- Cursor Hole Puts Windows PCs at Risk - CNet. Newly found vulnerabilities in common browsers mean simply visiting a Web page can evoke an attack.
- The Ghost In The Browser: Analysis of Web-based Malware - Google. A recent comprehensive technical paper on drive-by downloads.
- Nebula Services - For a monthly fee, UW Technology Nebula Services can provide you with a system of networked personal computers, managed and supported by UW Technology.
