Not-So-Friendly Greeting Cards

You might want to think twice before opening that e-greeting card sent to you via e-mail. Cyber crooks have recently been blasting out millions of fake online greeting cards in the hope that recipients will click on the included links and infect their computers with password-stealing viruses.

Previous e-greeting card scams harbored their viral payload in an infected e-mail attachment, but fraudsters now are simply embedding links in the fake card messages. Anyone who clicks on such a link without the benefit of the most recent security updates for their Web browser is likely to have their PC silently whacked with an invasive keystroke-logging program.

I've seen heightened warnings about these scams over the past several weeks, but only recently checked the virus log included in our Postini e-mail inbox filter here at washingtonpost.com. Every single virus quarantined over the past five days was one of these e-greeting card scams (see the image at the right).

The nasty greeting cards have been traced back to tens of thousands of machines infected with the Storm Worm, without a doubt 2007's most prolific and successful e-mail worm. Storm and its flurry of poisoned e-greeting cards are responsible for one of the biggest virus outbreaks in recent history. According to Postini, in the week following July 2, the company saw a total of 163 million virus-infected messages being spammed worldwide. That's four times larger than any other e-mail virus attack this year, and the largest single-week volume since late 2005, when the Sober worm wrought havoc on e-mail systems globally.

I have never been a huge fan of e-greeting cards, mainly because they condition people to click on links in e-mail, especially when malicious links are one of the broadest vectors for e-mail-borne viruses and worms. I realize there are several established and legitimate e-greeting card companies that base their business on this practice. It is sad that the state of e-mail security has come to this, but Microsoft Windows users would be well-advised to simply delete any e-greeting cards that land in their inboxes.

By Brian Krebs |  July 19, 2007; 7:15 AM ET Latest Warnings

Comments

Are these bogus greeting card emails able to infect a Mac with the latest OS updates? Thanks for any help.

Posted by: Jake | July 19, 2007 7:47 AM

I found it amusing that immediately below this warning not to open e-cards was an ad for e-cards!

Posted by: A Macon | July 19, 2007 8:37 AM

I got one yesterday, it was an American Greetings Card from a "friend", fortunately my anti-virus software caught it and deleted it.

Posted by: Anonymous | July 19, 2007 9:00 AM

Jake: There are no known viruses which affect Mac OS X users. None. None since the first release of OS X in 2001.

Posted by: Don | July 19, 2007 9:12 AM

Curious to know if this virus is specific to Billyware (Windows) platforms, or is a Lenny Bruce: offends/infects all target OSes equally?

Posted by: rmstein | July 19, 2007 9:33 AM

A couple weeks ago I received a legitimate eCard from a friend. A couple days later the fraudulent cards began trickling in, but I suspected the first was bogus and then the million which followed. ;)

Posted by: MarkAs | July 19, 2007 9:34 AM

I never open them unless I recognize the person that sends it to me, even then the people that send them to me include another way of contacting me to let me know it's there. They either call me or let me know in person (which is nice of them to do!).

Posted by: Jarrod | July 19, 2007 9:58 AM

I just got one of these this morning. And I deleted it, largely because it said that a "neighbour" had sent me a greeting card. Given that I live in Baltimore and not England, I was pretty sure this was not legit. Glad to have it confirmed.

Posted by: Jack | July 19, 2007 10:03 AM

Don't be delusional, Don. One example of an OSX virus was discovered last year in the wild - http://www.sophos.com/virusinfo/analyses/osxleapa.html

Also go to http://www.securemac.com/ to find out about other vulnerabilities patched or unpatched.

Posted by: Mac | July 19, 2007 10:09 AM

Don't be delusional, Don. This is one example of an OSX virus discovered last year in the wild - http://www.sophos.com/virusinfo/analyses/osxleapa.html

Also go to http://www.securemac.com/ to find out about other vulnerabilities patched or unpatched.

Posted by: Mac | July 19, 2007 10:09 AM

no one likes me so i delete all e greetings anyways

Posted by: Hal | July 19, 2007 10:12 AM

I agree with you Brian that it's a shame this potentially useful information resource (the Web) is so fouled by these grifters. A pox on their house! When will our international community get their act together and shut these criminals down? Aren't their actions a threat to national security? I would gladly accept some restrictions on my privacy, etc. if it enabled quick tracing and jailing of these jerks!

Posted by: Pete from Arlington | July 19, 2007 10:12 AM

Saw several of these fake greeting cards in my gmail Spam folder, with subject lines saying "You've received an e-greeting from a class-mate" and "School-mate". Considering I'm 20 years out of college, this seemed highly unlikely that I would click on this.

Posted by: df | July 19, 2007 10:15 AM

Nice thought, Mac! I'm sure Don is so proud of his secure OSX that he has applied nary a patch. Proof's in the eating of the pudding, I guess.

Posted by: Pete from Arlington | July 19, 2007 10:16 AM

Yes, because virus writers go after computers people use - 90% of the world's computers run Windows. Mac virus? Why bother?

Posted by: HP | July 19, 2007 10:18 AM

Re: Pete from Arlington
"A pox on their house!"

Or their city? Just before Katrina, I was receiving unbelievable amounts of spam through several email accounts. The day after New Orleans flooded it subsided to a trickle. And today I am not getting much more than 30-40 per day with 8 accounts.

Posted by: MarkAs | July 19, 2007 11:02 AM

About a week ago, I stupidly clicked a link on one of these from "American Greetings" that said it had been sent by "Your Friend." I almost immediately realized my mistake and closed IE before it got fully open, but now my e-mail opens REALLY slowly and other things seem slower.

Is there a way to make sure I'm not infected in some way, and then to remove whatever's going on? Any resources that can guide me?

My antivirus software hasn't flagged anything, and Ad-Aware and Spybot S&D haven't found anything unusual. Is there something else I should be using?

Any help is appreciated...

Posted by: DumbTex | July 19, 2007 11:14 AM

While it is possible for a Mac virus, and one should be careful, there has not been any yet that has affected the average user. Our Mac club has a thousand members, and no one has ever been infected. Personally I never click on these links or open attachments from anyone. I don't want to tempt the fates. PC people don't take this personally. I am fully aware of what has been written, but so far so good.

Posted by: brad | July 19, 2007 11:36 AM

I agree with Pete from Arlington.
Why shouldn't all of us be held accountable for what comes out of our computer? Everybody is spammed and harassed by viruses and worms because so many individuals are unaware of their responsibility regarding the community, letting malware install themselves and operate on their boxes.
* While we are browsing the Web or sending mail, whether an up to date antivirus is operating on our computer should be monitored (with a flag or something).
* Providers should check if an online computer is sending suspicious mail (it should be easy to track spam and malicious greeting cards sent in bulk). Providers should be held accountable as well for the harm their subscribers do.
* Tell people to avoid using IE and Outlook (and why not Windows too ;-)).
Nick

Posted by: Nick | July 19, 2007 11:48 AM

I'm a webmaster with many mail accounts and I'm getting this bogus e-mail scores of times each day. Good thing I use Macs!

No, these viruses can't affect Macs. There has *never* been a penetration of Mac OS X. To believe that's because the Mac is a minority platform is to believe that no one wants to hack into or infect Apple, the film industry, the publishing industry, the TV industry, the Human Genome Project, the NIH, NASA, CIA, NSA, FBI, the National Laboratories, the Mac side of every university, newspapers large and small, the advertising industry, Bill Gates' company, "Corbis," Microsoft's own Mac department...

OS X has *never* been penetrated because every piece of malware released thus far has required administrator access. If I can persuade you to log on to your computer and delete critical files, is that a weakness in your OS?

Oh, and for those of you who claim that OS X has been penetrated, please cite an instance. Not a second hand report, not a purported unpatched vulnerability, not a proof-of-concept, but the first-hand report from the person or company that was hit by a virus or other malware. You can't do it, because it didn't happen. Will it happen? Maybe, but Mac OS X has been under constant attack for six years, and all attacks have failed to date.

Posted by: David Illig | July 19, 2007 11:57 AM

"Is there a way to make sure I'm not infected in some way, and then to remove whatever's going on? Any resources that can guide me?"

I'd look for rootkits first: these hide an infection so that your anti-virus cannot see it. Fortunately there are several anti-rootkit scanners available now that don't require technical expertise. I'd run the F-Secure, Panda and AVG scanners.

If you find a rootkit, re-scan with your anti-virus after removing it.

You can also scan with AVG Anti-Spyware, Dr Web CureIT!, and the online scanners of various anti-virus companies.

There are links to all here in one of my "advice postings" on the avast! forum.

http://forum.avast.com/index.php?topic=29405.msg241747#msg241747

All these scanners are free.

Posted by: FreewheelinFrank | July 19, 2007 12:44 PM

"Is there a way to make sure I'm not infected in some way, and then to remove whatever's going on? Any resources that can guide me?"

I'd look for rootkits first: these hide an infection so that your anti-virus cannot see it. Fortunately there are several anti-rootkit scanners available now that don't require technical expertise. I'd run the F-Secure, Panda and AVG scanners.

If you find a rootkit, re-scan with your anti-virus after removing it.

You can also scan with AVG Anti-Spyware, Dr Web CureIT!, and the online scanners of various anti-virus companies.

There are links to all here in one of my "canned advice" on the avast! forum.

http://forum.avast.com/index.php?topic=29405.msg241747#msg241747

All these scanners are free.

Posted by: FreewheelinFrank | July 19, 2007 12:46 PM

I have received many of these lately. As usual with such spams, so many, in so many forms, are sent that it quickly becomes obvious they are illegitimate. Each day I get one saying I have received a card from a family member, friend, classmate (none know where I am) or worshipper (I did not check to see if it was from someone worshipping me or supposedly from a fellow church-goer, which would be strange since I do not go). I still get the usual ones saying I have won a lottery, and even, amazingly enough, still get the many variations on the Nigerian we-can-wire-you-money scams which have been known for years. Only original one was one saying it was from a US soldier in Iraq who had part of Saddam Hussein's fortune.

Posted by: Steve | July 19, 2007 1:04 PM

Well I've been lucky enough to avoid any of these faux greeting cards to date and I hope it stays that way! Just what we need, another threat on top of all the malware, spyware, and phishing attempts out there. Phishing is the worst and if you're not too familiar with it take a look at this info, http://en.wikipedia.org/wiki/Phishing.

A good security application is more important than ever these days! Luckily I currently run Blink Personal Edition, by eEye Digital Security which gives me complete protection against zero-day attacks and all the other garbage out there. If any of you guys are looking to up security check Blink Personal out, http://www.eeye.com/html/products/blink/personal/index.html. It's affordable and won't disappoint!

Posted by: Stephen | July 19, 2007 3:40 PM

Help! We've been getting these all week, and I've been deleting them. But today, out of curiosity, I clicked on the link for our e-greeting card. Things didn't look right when I clicked on the link, so I immediately tried to close it down.

How do I know if our computer has been infected with this virus?

What steps should we take?

Thanks

Posted by: Lisa | July 19, 2007 4:44 PM

Glad to see this article in print--I tried to check it out when the first greeting showed up in my e-mail, but I didn't see any warnings anywhere. Maybe this will help other people avoid having problems.

Posted by: June | July 19, 2007 4:52 PM

The first one I received I clicked on. I was curious since I had been looking up old friends recently. Fortunately, my anti-virus was up-to-date and wouldn't let me open it. Within a week, I was being flooded with e-greetings from "co-workers," "schoolmates," and "family." At that point it was obvious. Too bad they had to ruin something fun and legit.

Posted by: LP | July 19, 2007 6:57 PM

The comments by the last two posters illustrate that we have a ways to go 'til we get to the point of equating clicking on links in strange emails to sticking our finger in a fire.

Posted by: BP | July 19, 2007 7:23 PM

Dear Mr. Krebs:

Suppose I were running in a limited user account, with the Administrator privilege turned off. Question: Would this block the malware infection you describe?

Tom Jones

Posted by: Thomas L Jones | July 21, 2007 2:38 PM

Viruses? Oh! I remember those! Haven't had that problem since I relegated my Winblows machine to the garbage heap and switched to Mac. Come to think of it, I've not had any computer problems at all since then!

Posted by: Pops | July 22, 2007 6:13 PM

I have a Titanium with OS 10.4. Opened one of these greeting card e-mails because my sister uses them all the time. Now my computer is hosed. All operations have slowed down to a crawl, e-mail, browsers, etc. If it isn't a root kit I would sure like to know what it is!

Posted by: Gerry | July 22, 2007 10:47 PM

Brian:
Keep up the good work. This is not on the topic of greeting cards, but I thought I would let you know that since Friday night, "Bank of America" online banking no longer supports Firefox. When I called this morning, I was told that a corporate wide decision had been made and if I didn't like using IE, I could take my business elsewhere. The account representative said he would switch me to the tech. dept. - I got an AT&T message & the line went dead.
It would be interesting if you have time to investigate. You could title the article "How Corporate America doesn't want your Business!" or "A Hacker's Delight!"

Posted by: RP | July 23, 2007 10:58 AM

Looking for techie help for WaPo's "The Fix" comments.

When I try to post a comment, I get the message "Comment submission Error - You must enter name and comment."

Well, my submission does have a name and comment.... and numerous tries to post have failed with the same message.

Help!

Posted by: Can't Post | July 23, 2007 1:57 PM

re: RP July23 10:58AM

I just now logged onto my BofA account and checked my balance and looked at a few transactions using Firefox 2.0.0.5.

I had no problems.

Posted by: blasher | July 23, 2007 8:41 PM

RE: blasher

I use Firefox 2.0.0.5 and BofA worked with no problems until last Friday night. I enter name and password and when BofA is supposed to put up sitekey on screen...I get in large characters: BAD REQUEST, Your browser sent a query this server could not understand. The same information appears using the latest version of Opera browser. Only when I bring up IE, do I get the "sitekey" and can log into my accounts. So the change is in the "sitekey" security area.
Not sure if I will move my account, but very unhappy with BofA response.

Posted by: RP | July 24, 2007 9:16 AM

OSX is NOT vulnerable to an attack such as this not because "it's a minority platform and hackers don't bother". I hear this explanation used all the time by Windows users. Think about it .... one of the things "true" hackers (not just petty criminals) want is notoriety. If you were the first to design a virus that successfully invaded Macs you would be a f**king legend in the world hacker community. OSX cannot be infected with these types of viruses because of the OS design -- they would require "root" access to work. No one runs their Mac with root enabled. Unless you can "physically" get to a person's Mac and enable "root", OSX can't be hacked from net intrusion. Full stop ... done ... sorry PC users ... I know "misery loves company" but OSX is still rock solid after what? 6 years?

Posted by: kjinx | July 24, 2007 1:48 PM

This is so funny. Every time something like this comes out the PC vs. Mac argument starts up again. We all know that Macs are the greatest thing since whatever and all Mac users are the smartest tech geeks on earth. Yippee!!! Give it a rest already.

Posted by: dencane | July 26, 2007 3:01 PM

"Tell people to avoid using IE and Outlook"
...I do it all the time and freely offer my time to assist them in making the transition.


(and why not Windows too ;-)).
I converted myself, and show off my lappy when I can, give out Ubuntu CD's and explain the ins-outs of Linux world.

D.

Posted by: DOUGman | July 26, 2007 10:52 PM

Well written & most informative, thanks.

Microsoft Most Valuable Professional
(Yes we read your articles as well)

Regards,

Posted by: Randy K | July 27, 2007 7:35 AM

@Mac:
>>Don't be delusional, Don. One example of an OSX virus was discovered last year in the wild

"The malicious code uses social engineering tactics to infect a user's system, and does not exploit any security holes in OS X."
http://www.securityfocus.com/brief/142

And its removal rate exceeded its minuscule infection rate, and the vuln it was based on has been neutralized by a security patch, so it's effectively dead. Unless you have other examples to cite, that resets the scoreboard to "none", as Don said.

>>Also go to http://www.securemac.com/ to find out about other vulnerabilities patched or unpatched.

Note well: "vulnerabilities", not "exploits".

@Pete from Arlington:
>>I'm sure Don is so proud of his secure OSX that he has applied nary a patch.

I think it more likely that Don is so proud of his secure OSX that he has applied *all* patches against vulnerabilities which don't even have corresponding exploits yet, thereby keeping the infection rate far lower than the removal rate.

@Nick:
>>Tell people to avoid using IE and Outlook (and why not Windows too ;-)).

Most of what can be achieved by avoiding Windows can also be achieved by avoiding IE and Outlook.

Posted by: Mark Odell | July 28, 2007 4:10 PM

All you Mac fanatics need to realize that your prized OS was first run on PCs. Yes it was known as NextStep. I ran it for years. It's a Mach based unix plain and simple. And you're right unix can't be hacked the usual way from the net. Doesn't mean it can't be hacked. I've seen unix systems hacked through lots of places including the mouse port for christ's sake. Saying your OS is invulnerable is just plain stupid. Then again Mac users have never been known for knowing much about the internal workings of their systems. Otherwise they would have root access turned on and be exploring.

Posted by: Griz | July 29, 2007 1:34 PM

Mr. Krebs,
Please write about Secunia's new PSI Beta. Also, please write about pitfalls the average user might encounter by trying McAfee's Rootkit Detector 1.0.
Thank you,
Sarah

Posted by: splummer | July 29, 2007 6:16 PM

I was successful in isolating and removing the greeting card virus with DrWeb Cure IT! free edition. It might help others who don't have the time to download a bunch of security utilities.

Posted by: Doug | July 30, 2007 1:01 PM

While I am sorry to see that some are still using this comment area for PC vs MAC snipes (enjoy your tools for what they do, not what they are), this is still an excellent and informative column worth wading through.

I opened the first of these 'greeting cards' and AVG woke up to alert me of an attempted trojan. I now block/delete all that follow.

I feel for the people who are trying to make a go of a legitimate online greeting card business. We need more happy notes in this world - not more idiots screwing with people to make themselves feel relevant.
FYI - you are a flea on the backsides of the Web; annoying and pointless.

Posted by: GC | July 31, 2007 1:19 PM

Ok, regarding the ecard, egreeting from a friend, I am the idiot who fell hook, line and sinker for it.......and am I paying the price or what?

Last week, I received the email of a greeting card sent from an old school friend. I now know this mail had been sent to me before but on this particular day, it just looked really good. I couldn't believe that 15 years later anyone knew me so I was happy to check this out. Using Firefox browser, I clicked on the link in my email, up came the 'downloading' sign in Firefox and once completed, opened up a blank page.

I didn't understand this and thought I did something wrong, so I downloaded it again. Still, once downloading was complete it opened a blank page and that was it. I checked the email and found that it was from postcards.com or something close to that. I typed in the www. email address myself and postcards.com came up but I couldn't see how I could get the link to get to this postcard. So guess what I did?

With my 'vast' computer knowledge, I understood that it must be because I was using 'the wrong browser'. :-) So, I retrieved the link and uploaded or downloaded through Internet Explorer. Again, it opened to a blank page after completion.............and then I knew!!!

The first sign was that some hours later, my laptop switched off, then again, and repeatedly for about half an hour with no cause, but I had terrible suspicions by then. The fact I am able to write this now, is due to having had to install 3 different types of anti-virus software in order for my laptop to work smoothly. The virus keeps transforming into something else, I don't know what that's about but....

There is only one good thing in all this. I bought a new laptop the day before this incident, due to arrive next week. So, the devastation wasn't so bad for the fact that I would still be up and running in a week. More importantly, it was a lesson that happened in time really, because I will not do that again!!!

Posted by: dorell | August 4, 2007 10:45 AM

My office Mac's spam filter caught dozens of variations of the greeting card type trojan in the last week or so, and I was wondering if anyone would actually fall for such an obvious hoax. But! !!!!Yesterday I found what looked like a legitimate e-mail from a journalist friend, except that the subject line was in Portuguese, and I fell for it hook, line and sinker. When I opened the mail, there was a greeting with some CareBear type graphics, inviting me, still in Portuguese, to click on a link in order to see the animation. Of which there was none. Instead, I saw a page full of code. Still, I stupidly e-mailed my friend, saying: thanks for thinking of me while you're traveling in Brazil or wherever. He answered he was safely at home but obviously someone had broken into his address book and was using his name to send this spam to everyone in his contact list.
I felt safe because none of the many Macs my family has used over the years ever became infected, but now I am worried because some weird things did happen today and when I ran a test, I found my hard disk did show some damage.
Unfortunately I ran out of time, but first thing tomorrow I have to run some utility program to sort this out. I'm keeping my fingers crossed...

Posted by: Elisabeth K. | August 14, 2007 10:53 PM

WaMu and Providian use Firefox. If they did not, I would find another bank credit card. Capital One uses Firefox. I do not use I.E. unless forced to, e.g. updates and downloads for Windows product. Never have liked I.E.
Greeting card e-mails started trickling in last month (July 2007) and now 20 per day, easy. I agree with two colleagues on this forum........"you know better"....."you know where the delete button is"....What is the major malfunction? Firefox RULES.

Posted by: wales | August 16, 2007 10:36 PM

SpySweeper has antivirus managed by Sophos. Been using them for years for spyware detection. Antivirus is new though, for them. Seems to work great. Rootkits fully scannable with their configurable interface....Used several others for years; none with ease nor flexibility of SpySwpr.

Virtual firewalls are impossible to train. You should not need any of that junk. Be sure to disable the e-mail shield in SpySweeper, else you will be sending few e-mails. That seems to be the only problem w/spysweeper - not a problem, just a situation. I am happy and trojan/bot/spyware/virus/malware-free. Any time I've had to do a system rebuild, I deserved it.

Posted by: wales | August 16, 2007 10:54 PM

I used Outlook ONCE. Then I went out looking for Thunderbird e-mail client. It is thrilling just to use; not to mention the awesomeness of it. Truly the best e-mail program on this planet. Mozilla really has their act together. They wrote the original all-around e-mailer "Netscape" e-mail back with version 4.x of the old independent Netscape browser as an adjunct to the browser before AOL got hold of it and ruined it (only to develop Thunderbird). One may get that old 4.x version webpage on their browser of any brand by typing isp.netscape.com - Be careful starting it up for the 1st time though. If you download all your ISP's inbox mail, it will delete it from the mailbox as it is loaded into T-Bird's. You have to configure the options and preferences, making sure the box to "delete messages from original inbox as they are downloaded" is UNCHECKED. It is then ready to use and further configure. I counted them once and you may tweak T-Bird e-mail client 80 different ways.

Posted by: wales | August 16, 2007 11:23 PM

©  The Washington Post Company