|
 |
|
 |
| Sunday, September 05, 2010
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
SullyC |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
53 |
 |
People Online: |
 |
Visitors:
6 |
 |
Members:
0 |
 |
Total:
6 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 11/04/2002 11:02 AM |
|
| What Is It?
An activeX control known as "Friend Greeting" that email's itself to everyone in your address book. It is an annoyance more than anything. Some company has come up with a way to distribute their "greetings" using virus-like capabilities. The message arrives as if it were a greeting card from a friend. When you click on the webpage to pick up the "Card" the program installs an ActiveX control on your computer. There is no attempt to obscure the original sender of the greeting, and the installation proceeds as any normal application install would. In order to "see" the greeting card you must install the ActiveX control on your computer. As part of the installation, you're presented with a license agreement (typical for a control). Buried within the license agreement you are agreeing to allow the friendgreetings.com (or friend-cards.net, or friend-cards.com or cool-downloads.net or friendgreetings.net) to go through your outlook address book and email a "greeting card" to everyone you know. Now, since they ASK your permission first and you AGREE to the license agreement - this can't be classified as a virus. Supposedly you are knowingly allowing the activity. Furthermore, the program makes no attempt to hide itself, and you can uninstall it easily. But we all know that we rarely read the fine print in the license agreement, and that this is a dirty underhanded thing for them to be doing.
Since it's not a "virus" Norton or McAfee probably won't detect it as such. Therefore, you can't rely on virus protection for this one - you have to just be aware of it. As I said it makes no attempt to disguise itself.
What Should You Do?
Basically the answer to this one is - don't be fooled. If you must run attachments (and we've told you multiple times not to do so) be SURE you read the fine print in the license agreement and understand what you're authorizing. If you don't understand it - don't install it. If you already have run it, you can uninstall by going to add/remove programs in your control panel and doing a "uninstall" on the friend greetings program. Not to mention sending a message to everyone in your address book apologizing for the intrusion and telling them not to run the program :)
Additional Information
http://vil.nai.com/vil/content/v_99760.htm
This concludes this VirusWarning notice, drafted Monday, November 4 2002.
Lee Drake
Aztek Computer Solutions, Inc.
39 N. Goodman St.
Rochester, NY 14607
P: 585-242-2060
W: www.azcomputer.net
Subscription info for this newsletter can be found at: http://www.leedrake.com/virus_notification.htm
|
|
|
|
|
Lee Drake
Posts:238
|
| 11/04/2002 9:15 PM |
|
| I'd like t add a tad to what Lee said about this nuisance.
As explained at http://vil.nai.com/vil/content/v_99760.htm, McAfee does have a detector and cleaner for this worm in its 4131 DAT files, released on 30 October 2002 as a routine update. However, they caution that their on-access scanner will not detect it. Therefore, you must use their Command Line scanner, which is an optional component and some may have elected to leave it out when they installed VirusScan. Instructions for its use are in the article. Obviously, none of this applies to you unless you took the bait.
At http://www.fsecure.com/v-descs/friendgr.shtml, anti-virus vendor F-Secure of Finland lists the following aliases:
E-Card
Friend greetings
Permissioned Media
As a general matter, you should be aware of what a digitally signed ActiveX control or other program does and does not mean.
The code has not been altered. Digitally signed code has not been altered since it was signed. This is true of all digitally signed code.
The code was signed by the person or organization named in the certificate. If the certificate says "Publisher authenticity verified by _____" where the blank is replaced by a name such as Thawte Server CA or VeriSign Commercial Certificate CA, you can be assured that the Certificate Authority (CA) has taken reasonable steps to ascertain that the signer is who they say they are and that they are a legitimate software publisher.
Pay close attention to the name of the CA. Unless you recognize it, you should not trust the certificate. The most widely recognized and accepted CAs are VeriSign, http://www.verisign.com, and Thawte, http://www.thawte.com..
If the certificate says that its authenticity was verified by the same person or organization that signed it, you have what is known as a self-signed certificate. Be very wary of these unless you really trust the signer and are very sure of the origin of the signed code.
The certificate tells you nothing about the safety of the code itself. Just because it's signed doesn't mean it's safe, as illustrated by the case in hand. You should only trust signed codes from trustworthy signers.
Thank you for your attention and your trust.
David Gray
P6 Consulting
V: +1 (972) 751-0254
TZ: USA Central, GMT -5
E: mailto:dagray@p6c.com
W: http://www.p6c.com
For information about this list, including how to subscribe, see http://www.leedrake.com/virus_notification.htm.
|
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|