You’ve received a postcard from a family member!
My mom received the e-mail below this message. When I clicked on the url it sent me to a web page that says they are testing a new browser feature and if it doesn’t work to click a link. That link tries to get you to download an executable program.
I’m not willing to expose my computer to a possible virus risk so I didn’t download the program file. I also don’t know anyone in Hong Kong. I checked several sites to see if it might be a virus but I didn’t see anything about a new virus like this one.
Here’s the e-mail:
Date sent: Wed, 27 Jun 2007 23:23:08 -0500
From: “glove8z.hk” <onc@bellsouth.net>
<onc@bellsouth.net>Subject: You’ve received a postcard from a family member!
<onc@bellsouth.net>To:
<onc@bellsouth.net>
<onc@bellsouth.net>Good day.
<onc@bellsouth.net>
<onc@bellsouth.net>Your family member has sent you an ecard from glove8z.hk.
<onc@bellsouth.net>
<onc@bellsouth.net>Send free ecards from glove8z.hk with your choice of colors, words and music.
<onc@bellsouth.net>
<onc@bellsouth.net>Your ecard will be available with us for the next 30 days. If you wish to keep
<onc@bellsouth.net>the ecard longer, you may save it on your computer or take a print.
<onc@bellsouth.net>
<onc@bellsouth.net>To view your ecard, choose from any of the following options:
<onc@bellsouth.net>
<onc@bellsouth.net>——–
<onc@bellsouth.net>OPTION 1
<onc@bellsouth.net>——–
<onc@bellsouth.net>
<onc@bellsouth.net>Click on the following Internet address or
<onc@bellsouth.net>copy & paste it into your browser’s address box.
<onc@bellsouth.net>
<onc@bellsouth.net>http://glove8z.hk/?516c3c2cd8a7c0b58e47d14c775ed2175ee
<onc@bellsouth.net>
<onc@bellsouth.net>——–
<onc@bellsouth.net>OPTION 2
<onc@bellsouth.net>——–
<onc@bellsouth.net>
<onc@bellsouth.net>Copy & paste the ecard number in the “View Your Card” box at
<onc@bellsouth.net>http://glove8z.hk/
<onc@bellsouth.net>
<onc@bellsouth.net>Your ecard number is
<onc@bellsouth.net>516c3c2cd8a7c0b58e47d14c775ed2175ee
<onc@bellsouth.net>
<onc@bellsouth.net>Best wishes,
<onc@bellsouth.net>Postmaster,
<onc@bellsouth.net>glove8z.hk
<onc@bellsouth.net>
<onc@bellsouth.net>*If you would like to send someone an ecard, you can do so at
<onc@bellsouth.net>http://glove8z.hk/
<onc@bellsouth.net>I did a lot of searching to see if there was anything out there about this being a way to send a virus. My end result. . . damned if I know. I did find several posts of very similar e-mails that read exactly the same except that the ecard number and the beginning of the URL was different. All had the .hk locator in the url, though.
I know this, we have no family in Hong Kong and we know no one who lives in Hong Kong.
My personal standard is if it stinks don’t open it. Or save it. This stinks, so I’m not opening it.
If anyone else has seen something like this or knows anything about this, please let me know.
<onc@bellsouth.net>
Len:
I've received this same email a number of times. If it isn't a virus, it's definitely spam. My advice is trash it.
28 June 2007, 7:38 pmJim Johnson:
I also received a similar email, although mind didn't have the glove8z.hk domain - it was faked as if it came from greetingcards.org but the redemption link was an IP address registerd in Latvia.
This is clearly spam, but more importantly the site in question probably installs some kind of malware on the users computer. Generally this is a problem for IE users.
My spam filter sniffed it out right away, so I didn't have to worry about the problem. But tell anyone who gets one of these not to click on the links.
29 June 2007, 6:58 amBartleby:
My simple rule: if I've never heard of it, don't open it. But that's before I started the blog thing - so maybe that is not as easy to do when you get more 'unknown' e-mails.
- psst…Laura…. it's ME!
29 June 2007, 7:24 pmStill.
I'm sure you had a hard time figuring that out.
kip152:
Jim's right - malware the big issue here. Glad you didn't open it!
29 June 2007, 8:49 pmTylonius:
I believe it is a zombie program. The latest in spam is to send out tiny programs – little more than scripts – that use your computer and internet connection to send out spam.
This activity happens in the background and doesn’t disrupt the user in any noticeable way…while millions of spam messages pour out of your computer.
It’s really brilliant actually, as a distributed computing application; but yeah, you don’t want it on your machine.
30 June 2007, 12:37 amFlynn Haskell:
This is in fact a virus. Stay away from it.
30 June 2007, 2:07 amZoey & Me:
It is a virus. It hit my spam folder nine times, same exact language as you posted. But I haven't seen it back in about a week so maybe it has run its' course. Good idea to put it up on your blog.
30 June 2007, 11:00 amSajjad:
It looks quite innocent, but it's some sort of spam/phishing scam. Another one, this one definitely a virus, is making the rounds in the form of a PDF with a subject ending in ".pdf". Time to update the filters.
30 June 2007, 12:35 pmPeggy:
It's a level 2 virus. It's called Storm Trojan or Small.DAM
It has other alias' also: Trojan-Downloader.win32.Small.DAM, Trojan.Downloader-647, and some other alias'
I've gotten one from rabyway.hk
You can get more information about it here: http://www.f-secure.com/v-descs/small_dam.shtml#top
11 August 2007, 3:24 pm