Reuters reports that the eCard virus mania has now moved into the autumn festival with a number of reports of user’s computers being infected. There’s nothing particularly notable from a technical standpoint, eCards are just another example of social engineering.

Malware propagation via social engineering relies on a credible message from a known (or at least recognizable) sender. With an accompanying message such as “check this out”, or “happy ______”, people are fooled into clicking to a website or downloading and running software that will try to infect the computer with malware.

It really works quite well. I couldn’t find any numbers for it, but the holiday season must see a spike in this kind of activity as a lot of eCards get sent out. Some of them are malware. Once a victim’s computer is infected malware with worm functionality will send itself to everyone that can be found in one or many application’s address books.

Happy holidays!

Further Reading
Scambusters has a thorough review of eCard security issues.

Share This