Threat Description

Friendgreetings E-Card

Details

Aliases:Friendgreetings E-Card, E-Card, Friend greetings, Permissioned Media, W32/Aggressive_Marketing.Friendgreetings, Aggressive Commercial, Flooder.MailSpam.Friendgreetings, WORM_FRIENDGRT.A
Category: Malware
Type:
Platform: W32

Summary



In the end of October 2002 we started to receive reports from people who got suspicious e-mail messages.



Removal



Friendgreetings can be removed from the system by using the Add/Remove Programs applet at the Windows Control Panel. Uninstall both "Friend Greetings" and "WinSrv Reg".



Technical Details



These messages looked like this:

From: <sender's name>
 To: <recipient's name>
 Subject: <recipient's name> you have an E-Card from <sender's name>.
 Greetings!
 <sender's name> has sent you an E-Card -- a virtual postcard from FriendGreetings.com.
 You can pickup your E-Card at the FriendGreetings.com by clicking on the link below.
 h t t p://www.friendgreetings.com/pickup/pickup.aspx?code=<recipient's name>&id=<number>
 Message:
 ------------------------------------------------------------
 <recipient's name>,
 I sent you a greeting card. Please pick it up.
 <sender's name>
 ------------------------------------------------------------

In many cases the &lt;sender's name&gt; was missing from a message.

When a recipient clicked on the link, the Friend Greetings Setup software was downloaded and activated on his computer. That software package was created by Permissioned Media Inc. for advertising purposes. This company appears to be operating from Panama.

During installation the Setup program shows a disclaimer that the software would access a user's Microsoft Outlook address book to send a message to all e-mail addresses it contained.

If a user clicks 'Yes' button, installation continues and the software sends e-mails from a user's name to all his contacts.

If you've been hit by Friendgreetings and want to get rid of it, open up Control Panel and use the "Add/Remove Programs" option to uninstall applications "Friend Greetings" and "WinSrv Reg".

If you're a sysadmin and want to prevent your users from accessing Friendgreetings sites, you can block these web addresses at your firewalls:

List of known Friendgreeting sites (as of 8th of November 2002):

www.friendgreetings.com
 www.friendgreetings.net
 www.cool-downloads.net
 www.cool-downloads.com
 www.friend-greetings.com
 www.friend-greetings.net
 www.friend-cards.net
 www.friend-greeting.com
 www.friend-greeting.net
 www.friend-card.com
 www.friend-card.net
 www.friend-cards.com

If you think Friendgreetings is harmful and unethical, we suggest you complain directly to the company developing and marketing it, Permissioned Media Inc. They can be contacted at:

Support: support@permissionedmedia.com
 Sales  & Marketing: marketing@permissionedmedia.com
 Fax:  571-628-5535
 Permissioned Media  Inc.
 Sun Towers,  1st Floor, Office #39
 Ave. Ricardo  J. Alfaro
 Panama City, El  Dorado Zona 6
 Panama


Detection


F-Secure Anti-Virus detects Friendgreetings with the updates published on November 12th, 2002:
Detection Type: PC
Database: 2002-11-12_01



Description Last Modified: Description updated on 12th of November, 2002, F-Secure Corp.


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More