Warning: Greetingcardgarb.com virus spam

January 7, 2009

I recently got an email from a “Karen” (ajosie@laporte.com) with “Regards from Karen” as topic. The email was as follows:

Karen has mailed to you a postcard.
Click here to view your card:
(link removed)
Your eCard will be available for the next 40 days.

The link goes to a malicous website, greetingcardgarb.com, which displays a picture that, when clicked, will download an .EXE file — most likely, a virus or trojan, to the computer.

I didn’t find any information on this, so I decided to post this info here. Some googling gives us information on the domain holder:

Technical Contact:
Name: JIANCHENXIAN
Organization: JIANGCHENGXIAN
Address: CHENTINGLU17
City: wuhushi
Province/State: anhuisheng
Country: china
Postal Code: 241159
Phone Number: 86-0553-45190052
Fax: 86-0553-45190052
Email: JIANGCHENGXIAN_1@SINA.COM

DNSStuff says that the registrar is “XIN NET TECHNOLOGY CORPORATION”, which is, apparently, a known spam host.

Besides from — natch — not downloading the virus .EXE file and reporting the message as spam in Gmail, I guess there’s no more one can do; unless you’d want to hunt down the email address through Sima’s abuse function, or report the malicious domain somewhere.

Advertisements

4 Responses to “Warning: Greetingcardgarb.com virus spam”

  1. Adnan Says:

    I got this e-mail with the link to greetingcardgarb.com. Unfortunately I clicked it and clicked open card so I assume I downloaded the file. What should I do now?

  2. J Says:

    Thanks for this notice. I received one also purporting to be, incidentally, by a name I am somewhat familiar with. Glad I googled first.

  3. bolsjevik Says:

    @J: You’re welcome. Glad to help!

    @Adnan: I’m no expert, but if you only downloaded the file, and did not run it, you should be O.K. Just delete the file. Another idea is to simply run an anti-spyware, anti-virus scan. You should be able to find free ones at download.com, but try Malwarebytes’ Anti-Malware.

  4. Marzie Says:

    I just got one from “Jason” purported to be a Christmas greeting, luckily it wouldn’t open. The email address was:
    tdowling@us.usana.com The subject line was “Greeting for you”
    Here is the text of the message:
    Jason just mailed an E-card.
    To see your card Just click on the following link: http://greetingcardgarb.com/?cardnum=24e268da7e7236e9ede097bb4d9981
    (c) 123Christmas-Greetings
    Then I googled and found this site.
    Thank you.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: