Virus Alert

John Rogers
3rd July 2007, 23:34

The GTG Team has received multiple reports of malicious e-cards that are being widely distributed in an attempt to compromise systems. The emails claim to have been sent from a family member, classmate, schoolmate, neighbor, colleague, worshipper, etc. and use similar formatting to legitimate e-cards. Once the user clicks on the link to view their e-card, they are redirected to a site containing malicious code. The code is downloaded immediately and depending on the users’ security posture, this could result in their system being compromised. There are multiple versions of the email with some claiming to originate from and others from

We have configured our filters to block incoming traffic from known senders of this virus, however if by some chance you do receive a similar e-mail message stating you have received an e-card; DO NOT CLICK ON THE LINKS, just DELETE THE EMAIL.

3rd July 2007, 23:38
thanks john...................

3rd July 2007, 23:40
Thanks from me John


4th July 2007, 00:07
Hi Roger, they never stop do they; I have had about fifty of these
naff emails; I have ditched them all; I cannot emphasise more the
need to not have the preview window open. Also check emails via
the properties function - and then message source.
A new one I have had is an email with my own email address as the
sender, but the source shows it is a cover sender. Be aware that
even if the senders email address is known, it may very well not be
from that sender.

4th July 2007, 00:13
thanks from me too. appreciate the warning and advice, had one this morning totled "God bless america" deleted it straight away.

John Rogers
4th July 2007, 00:41
Here is another warning for you all.

New mutation of PDF spam
Published: 2007-07-03,
Last Updated: 2007-07-03 13:28:39 UTC
by Maarten Van Horenbeeck (Version: 1)

A few weeks ago we reported on new spam using PDF attachments. These were professionally designed and contained graphs and detailed information on the stock in question. In general, they covered one stock on the Frankfurt stock exchange each.

During the last two days, we've received continuous reports of new PDF spam. This time the pages attached are generally of different size each time (no longer A4, but 4x3 inch or 6x1 inch). The text also has been obfuscated which makes it much less readable, but also more difficult for spam filters to assess through OCR. Stocks mentioned are now listed on NASDAQ instead of the European exchanges.
Incident response for the mobile enterprise
Published: 2007-07-03,
Last Updated: 2007-07-03 08:23:28 UTC
by Maarten Van Horenbeeck (Version: 1)

4th July 2007, 03:52
I just got a new one claiming to be from Hallmark, so they're trying anything.

4th July 2007, 16:47
Many thanks John for the warning, much appreciated.

4th July 2007, 22:37
I have had a dozen of these pdf emails -trash em.
They seem to come up with a lot of weird spellings
and combinations of letters and numbers and symbols
to get by my filters, but the best filter is common sense
and awareness, Thanks again John.

4th July 2007, 22:51
thanks lads

4th July 2007, 23:37
I think I've had one. Didn't open it to find out though!! Deleted straight away.

5th July 2007, 00:56
A legitimate e-greeting card will always have the name of the person who sent it in the title, for example:
"An e-greeting card has been sent to you by tunatownshipwreck" or
"Tunatownshipwreck has sent you an e-greeting card".
Either way, you may not want to open one from this fellow, but if it's truly someone familiar to you, click on "properties" and read that before you open it.

5th July 2007, 01:37
I also add that the machinery comes up with random names
to put in the sender and to place in the subject; I have had
a number of these, which actually include my christian name,
but, of course, the odds are there that someone will get the
correct name thrown at them; like the old music hall trick,
someone is bound to know someone with the name dawn out
of a hat, out of 500 audience. And it is a 365 to 1 shot that
someone will have that birthday that is drawn. Nowadays,
I don't trust any email, except via the properties function.
As I have experienced, not even my very specific email
address is safe, and that was thrown at me .... I know
of no one who uses that particular shorthand for Cornwall.
These people need their binary bits wired up to something
very powerful and shocking.