September 21, 2006 6:07 PM PDT

E-cards used in data-thieving scam

Related Stories

Phishers catch on to the Net's 'long tail'

September 12, 2006

New Trojans plunder bank accounts

February 17, 2006

Zafi virus a top holiday hangover

February 1, 2005
Cybercrooks are using e-cards that appear to come from a secret admirer in a scam to collect sensitive personal information, a security expert has warned.

Data including credit card numbers, online banking credentials, and log-in names and passwords of thousands of individuals from Australia and the U.S. has already been collected in the scam, Roger Thompson, chief technology officer at security software maker Exploit Prevention Labs, said in an interview Wednesday.

The attacks involve e-mail messages that at first glance appear to be greeting cards from services like Yahoo or Blue Mountain, Thompson said. Clicking on the link to view the card, however, first sends the target to a malicious Web site that tries to silently install software that logs the user's keystrokes, he said. After that the card is displayed.

"It is really quick, nobody notices it," he said. "Unless you actually look at the source of the e-mail and say, 'Hang on, this is a redirect,' you wouldn't actually see it."

The miscreants use a flaw in Microsoft's Windows operating system to drop the spy software and a rootkit to hide it on PCs, Thompson said. Windows users who have installed the MS06-014 patch, released in May, are not vulnerable to this particular silent drive-by installation of malicious software.

The attacks appear to have started in April with a new wave of malicious e-mail messages sent out every week. Each week the attackers appear to collect a 200MB file with freshly capture information from a server, Thompson said. He was able to identify the server and reported the matter to Australian and U.S. authorities, he said.

So far, Exploit Prevention Labs has been able to identify that customers at nearly every Australian bank were compromised, it said in a statement. The cybercrooks have also targeted individuals in North America, Europe and Asia using a variety of e-card services, the company said.

See more CNET content tagged:
e-card, scam, U.S., e-mail, security


Join the conversation!
Add your comment
News is News
1. I'm sure a post will be put here sooner or later from someone who hates microsoft with the inevitable "M$ security sux" theme. However, this is not the case as a patch is already available, case closed, goodbye.

2. I'm sure a post will be put here sooner or later by a Microsoft fanatic saying "CNET unfairly attacks Microsoft". However, not every computer in the world is kept up to date on patches so this does affect people.

Sometimes, news is just news. Thank you, CNET, for printing it. Please continue to keep me informed of tech news, be it earth shattering or trivial.
Posted by Seaspray0 (9714 comments )
Reply Link Flag
It's not only "from secret admirers"....
I got one "from a family member"!

Thank God I use Yahoo and the thing wound up in my Bulk Folder alerting me that there was something WRONG! The Delete Button is such a wonderful thing!!!!!

CNET try researching DEEPER next time???????
Posted by btljooz (401 comments )
Reply Link Flag
Another spin on data theft...
So first it was spam, then phishing and now we're getting fraudulent e-cards in our inboxes. This is yet another reminder to never open email from unidentified users. <a class="jive-link-external" href="" target="_newWindow"></a>
And even when you think your friend might be emailing you a cool link, or in this case an e-card, do the extra step to see exactly where the link is taking you before you click it.
Taking the extra step to be cautious about incoming and outbound emails greately reduces the risk of getting personal information stolen or forwarded.
Posted by ml_ess (71 comments )
Reply Link Flag
I received two ecards, one from evironcare and one from netherton. Both say someone has gone to a great deal of trouble to make me a card from "anonymous." I did not open them and plan to delete. I am afraid that it is an e-card scam.
Posted by PeteSadler (1 comment )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.