Warning: Greetingcardgarb.com virus spam

I recently got an email from a “Karen” (ajosie@laporte.com) with “Regards from Karen” as topic. The email was as follows:

Karen has mailed to you a postcard.
Click here to view your card:
(link removed)
Your eCard will be available for the next 40 days.

The link goes to a malicous website, greetingcardgarb.com, which displays a picture that, when clicked, will download an .EXE file — most likely, a virus or trojan, to the computer.

I didn’t find any information on this, so I decided to post this info here. Some googling gives us information on the domain holder:

Technical Contact:
Name: JIANCHENXIAN
Organization: JIANGCHENGXIAN
Address: CHENTINGLU17
City: wuhushi
Province/State: anhuisheng
Country: china
Postal Code: 241159
Phone Number: 86-0553-45190052
Fax: 86-0553-45190052
Email: JIANGCHENGXIAN_1@SINA.COM

DNSStuff says that the registrar is “XIN NET TECHNOLOGY CORPORATION”, which is, apparently, a known spam host.

Besides from — natch — not downloading the virus .EXE file and reporting the message as spam in Gmail, I guess there’s no more one can do; unless you’d want to hunt down the email address through Sima’s abuse function, or report the malicious domain somewhere.

Advertisements

4 thoughts on “Warning: Greetingcardgarb.com virus spam

  1. I got this e-mail with the link to greetingcardgarb.com. Unfortunately I clicked it and clicked open card so I assume I downloaded the file. What should I do now?

  2. Thanks for this notice. I received one also purporting to be, incidentally, by a name I am somewhat familiar with. Glad I googled first.

  3. @J: You’re welcome. Glad to help!

    @Adnan: I’m no expert, but if you only downloaded the file, and did not run it, you should be O.K. Just delete the file. Another idea is to simply run an anti-spyware, anti-virus scan. You should be able to find free ones at download.com, but try Malwarebytes’ Anti-Malware.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s