Viral marketing or spam? – beware of the e-card trick

Anti-virus companies are warning of this new twist in viral marketing – but acknowledging that it is not necessarily their place to stop it. The biggest concern is that this guerrilla marketing technique could catch on. It could also be used for spreading malicious files.

The e-mail will likely arrive from someone you know, with the subject line "you have an E-Card from [name]". The body of the message reads:

"[name] has sent you an E-Card – a virtual postcard from FriendGreetings.com. You can pickup your E-Card at the FriendGreetings.com by clicking on the link below."

There is no file attachment – just a link. However, upon visiting the link, the web site will attempt o either download an ActiveX control or a Java archive (JAR) file which contains the installation for the program, albeit consent is required.

According to security firm MessageLabs,

"Within the terms of the agreement for this control it actually states that it will install a program which will send out a copy of the e-mail to everyone in the recipient's address book. Only by accepting these terms will the program have any effect."

The problem is that such agreements are often ignored by internet users – they simply click the "OK" button.

MessageLabs observes:

"A serious side-effect of this kind of program is that it by allowing it to run, you may be potentially breaching many laws governing data protection."

The security firms suggest that barring employee access to FriendGreetings.com is a good precaution.