Tuesday, July 31, 2007

Email Virus Alert- Greeting Card from a Classmate actually the W32/Zhelatin.gen!eml virus

Was checking out the bulk folders for several email addresses I have, today, for any legit emails that might have inadvertently been pegged as spam (which does happen), when I noticed 2 different greeting card emails. No names I recognized, so I deleted them, though I did hesitate momentarily. You know, curiosity.... blah blah blah. I receive E-Cards quite often, and usually just click on the link, although I usually delete anything with attachments unless I know the sender, and have confirmed that they actually sent it. But the fact that it wound up in the bulk folder made it suspect.

Coincidentally, I received an email from a friend, within seconds of having deleted the E-Card emails, warning of a relatively new virus, with a link to snopes.com verifying the validity. Actually it was first reported early July, but this is the first time I have received any.

According to McAfee Anti-Virus, the virus is W32/Zhelatin.gen!eml:

Overview -

This is a generic detection of spammed email messages used to entice users into visiting sites hosting exploits that would result in a drive-by download. A user receives an email titled “You’re received a postcard” [greeting card etc] in his inbox and is requested to open the link contained in the message body in order to view the virtual postcard. On visiting the link, a cocktail of browser and application exploits that attempts a drive-by install of malware on the user's machine is performed.


A copy of the spammed message is as follows:


Symptoms -
Presence of the W32/Zhelatin.gen!eml detection is not an indication that a system has become actively infected. The from address is spoofed when sending infectious email messages and therefore, it can not be assumed that the from user address is any indication of which user may actually be infected. The following list of subject lines have been observed in the wild:
You’ve received a greeting card from a admirer!
You’ve received a greeting card from a class mate!
You’ve received a greeting card from a class-mate!
You’ve received a greeting card from a colleague!
You’ve received a greeting card from a family member!
You’ve received a greeting card from a friend!
You’ve received a greeting card from a mate!
There are many more.
Considered low risk, but it's always a pain to remove them, so better safe than sorry. Delete, delete, delete.
In my humble opinion, spammers and virus creators etc. should be drawn and quartered!

14 comments:

Freedomnow said...

They always come up with new ways to getcha.

It's a shame because it hurts productivity and degrades the quality of life.

My personal opinion is that antivirus software and firewalls are nothing but viruses that we willingly put on our computers. Of course our bodies use beneficial viruses so this concept is nothing new.

WomanHonorThyself said...

hiya Incog!..drawn and quartered..ha!..yessiree girly!

Pat Jenkins said...

at least you get e-mail cards, i never get em. nobody loves little ole me. so i would probably open it just for the heck of it. ha ha!!! incong as always you are vigilant when it comes to exposing all that may harm. you are my heroine!!!

Avi said...

The jerks who spend their time coming up with ways to infect other computers should be tarred and feathered.

P.S. I really enjoy your blog. Visit mine and I'll link to you if you link to me.

Frank Partisan said...

I don't know if it is still around, the worst browser attacker was xupiter.com.

Get a Mac.

Anonymous said...

Another blogger warned me about this. I noticed I had gotten a few e-card notices, but they looked 'funny', so I deleted them right away and reported them as spam. I have my email messages set NOT to open for one full minute (or more, the maximum). That gives me time to look over something before actually opening it.

I have Trend Micro PC-cillin virus protection. I had never heard of it before I got this laptop, and it came installed.

I LOVE it. I've had McAfee and Norton before, but I love this.

Chris McClure aka Panhandle Poet said...

I agree with your "humble opinion."

Ottavio (Otto) Marasco said...

"Hanged, drawn and quartered". ouch! That's mean but why be humble incog? Are you feeling insignificant and unimportant? We won't have that ... stand tall cause spammers and virus creators are scum. I was hit once, on my old computer and it caused much pain. Thank you for reminding us of the dangers...

The Merry Widow said...

Hi, I'm the blogger Debbie referred to, and I have PC-cillin. It has been doing a great job, I just sent out the warnings to people I know, because these things are pesky!

tmw

Incognito said...

FREEDOMNOW: Can you imagine if they used all that brain power for something useful?! Oh well. So, we have to put up with all that spam and junk on our computers.

WOMAN: :-) being polite.

PAT: Awww... I'm sorry, but I'm sure plenty 'o people love ya! We all do. And thank you, you're so sweet to say that.

BAR: Tarred and feathered is too gentle a punishment.. :-)

REN: Heh. Nah, I still like PC's and MAC gets hit, though not as much. Actually, interestingly enough, most actors have MACs.

DEBBIE: Huh.. will have to check out PCcillin. Am a little disappointed with Norton, which I have used for years. Will check into it when my subscription runs out next year. Thanks!

PAN: Glad to hear others agree! :-)
AI: Thank goodness I have never been hit, but have been the recipient of dozens of virus /trojan laden emails, which is just as annoying.

MERRY WIDOW: Hmmm.. 2 recommendations.. will def. check it out. Thanks so much!

Anonymous said...

Thanks for the heads up.

Righty64 said...

OOOOHHH! Thanks for the warning! I actually got one of these at work and like a fool tried to open it, but it would not open. Thank goodness! I would just like to say that it is pathetic that people would spend time to do this crap! If you would only spend your time doing something productive!

Incognito said...

You are very welcome guys.

It seems everyone is being hit. Should stop eventually, when people stop opening them up and cleaning their computers if they were infected.

I know, they are very annoying!!