In his post on Not-So-Friendly Greeting Cards, Brian Krebs of the Washington Post calls out the rise of fake online greeting cards that can install keystroke loggers on to your computer, rather than delivering what you thought to be an innocent e-card from a long lost aunt.

"You might want to think twice before opening that e-greeting card sent to you via e-mail. Cyber crooks have recently been blasting out millions of fake online greeting cards in the hope that recipients will click on the included links and infect their computers with password-stealing viruses.

"Previous e-greeting card scams harbored their viral payload in an infected e-mail attachment, but fraudsters now are simply embedding links in the fake card messages. Anyone who clicks on such a link without the benefit of the most recent security updates for their Web browser is likely to have their PC silently whacked with an invasive keystroke-logging program.

"... It is sad that the state of e-mail security has come to this, but Microsoft Windows users would be well-advised to simply delete any e-greeting cards that land in their inboxes."

For more info, see the Wiki link on the Storm Worm, and here on Symantec's site.

Also, here's the link if the embedded links above don't work: http://blog.washingtonpost.com/securityfix/2007/07/notsofriendly_greeting_cards_1.html

And see my past note on how there's no immunity from security vulnerabilities.

More info:

Tags: , , , , .