Beware: You've received a postcard from a family member!

I just received the message below, and doing anything with it (aside from warning the world) would violate several rules, including:

NEVER open a link when you don't know the sender. As I recall, every e-card I've ever received at least said who the card was from before asking me to click through.

NEVER click on an e-mail link that only has an IP address. A legit link would be to something like "cards.egreetings.com," not 88.xxx.xxx.xxx. This particular address is somewhere in the Netherlands.

NEVER run a program or allow a plug-in when you can't absolutely trust where it came from. This one asks you to either run an .exe or download an "Outlook plug-in." As far as I'm concerned anyone who allows either of these probably deserves what they get. Man, the stuff they should be teaching kids in school these days.

Good day.

 

Your family member has sent you an ecard from 123greetings.com.

 

Send free ecards from 123greetings.com with your choice of colors, words and music.

 

Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.

 

To view your ecard, choose from any of the following options:

 

--------

OPTION 1

--------

 

Click on the following Internet address or copy & paste it into your browser's address box.

 

http://82.156.24.59/?<my_supposed_key>

 

--------

OPTION 2

--------

 

Copy & paste the ecard number in the "View Your Card" box at http://82.156.24.59/

 

Your ecard number is

<edited out>

 

Best wishes,

Postmaster,

123greetings.com
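The second rule, applied mechanically to the message quoted above. This is an added example, not part of the original post: `check_links` and `host_is_ip_literal` are hypothetical names, the sample text is constructed from the message, and the comparison of link hosts against the domain the message names in its prose is an extra heuristic beyond the rule as stated.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: the lure quoted above, trimmed to the lines that matter.
SAMPLE = """\
Your family member has sent you an ecard from 123greetings.com.
Click on the following Internet address or copy & paste it into your browser's address box.
http://82.156.24.59/?<my_supposed_key>
Copy & paste the ecard number in the "View Your Card" box at http://82.156.24.59/
Best wishes,
Postmaster,
123greetings.com
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Domain names mentioned in the prose, i.e. who the message claims to be from.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

def host_is_ip_literal(host):
    """True for dotted-quad/IPv6 hosts and for single-number IPv4 forms."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        # Browsers also accept one decimal or hex integer as an IPv4 host.
        return re.fullmatch(r"0x[0-9a-f]+|\d+", host, re.IGNORECASE) is not None

def check_links(body):
    """Return [(url, [reasons])] for every link that looks wrong."""
    urls = URL_RE.findall(body)
    prose = URL_RE.sub(" ", body)          # keep link hosts out of the brand set
    claimed = sorted({d.lower() for d in DOMAIN_RE.findall(prose)})
    findings = []
    for url in urls:
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:                 # malformed bracketed host
            host = ""
        reasons = []
        if host_is_ip_literal(host):
            reasons.append("ip-literal-host")
        if claimed and not any(host == d or host.endswith("." + d) for d in claimed):
            reasons.append("not-under:" + ",".join(claimed))
        if reasons:
            findings.append((url, reasons))
    return findings
```

Both links in the sample are flagged twice: the host is a bare IP address, and it is not under the 123greetings.com name the message signs itself with.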

 

Using any WHOIS server to find out who owns that IP address, you can learn that this rabbit hole leads to the RIPE Network Coordination Centre in the Netherlands; it might as well lead straight to hell. In turn, that registry points here, to what looks to be a cable internet operator called Wanadoo Netherlands.

% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag.
% Information related to '82.156.0.0 - 82.156.255.255'
inetnum:         82.156.0.0 - 82.156.255.255
netname:         WANADOO-CABLE
descr:           Wanadoo Nederland
descr:           Muiderstraat 1
descr:           1011 PZ Amsterdam
country:         NL
admin-c:         EIAR1-RIPE
tech-c:          EIAR1-RIPE
status:          ASSIGNED PA
mnt-by:          EURONET-MNT
source:          RIPE # Filtered
role:            EuroNet Internet Administrative Role Account
address:         Orange Breedband Nederland B.V.
address:         Network Department
address:         Muiderstraat 1
address:         1011 PZ Amsterdam
address:         The Netherlands
phone:           +31 20 535 5555
fax-no:          +31 20 535 5400
e-mail:          eiar1@euro.net
admin-c:         RK31337-RIPE
tech-c:          BL78
tech-c:          GD31337-RIPE
tech-c:          HT772-RIPE
nic-hdl:         EIAR1-RIPE
remarks:         In case of abuse issues, please contact abuse@wanadoo.nl
mnt-by:          EURONET-MNT
source:          RIPE # Filtered
% Information related to '82.156.0.0/15AS5390'
route:           82.156.0.0/15
descr:           Wanadoo Nederland
origin:          AS5390
mnt-by:          EURONET-MNT
source:          RIPE # Filtered

 

After a little searching I found addresses for both a helpdesk and a place to report abuse. With a little luck, someone will read that mail and shut this down before you or I wind up spending another moment repaving a friend's machine.
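Pulling the network name, country, origin AS and abuse contact out of a RIPE reply like the one above can be scripted. This is an added example, not part of the original post: `parse_rpsl` and `report_target` are hypothetical names, and the embedded text is a constructed subset of the output quoted above.

```python
import re
# Constructed sample: subset of the RIPE reply above, pasted the same way
# (the blank lines that normally separate RPSL objects are gone).
WHOIS = """\
% Information related to '82.156.0.0 - 82.156.255.255'
inetnum:         82.156.0.0 - 82.156.255.255
netname:         WANADOO-CABLE
country:         NL
role:            EuroNet Internet Administrative Role Account
remarks:         In case of abuse issues, please contact abuse@wanadoo.nl
source:          RIPE # Filtered
% Information related to '82.156.0.0/15AS5390'
route:           82.156.0.0/15
origin:          AS5390
"""

# Attributes that open a new object; needed when blank separators are lost.
CLASS_KEYS = {"inetnum", "inet6num", "route", "route6", "role", "person", "organisation"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def parse_rpsl(text):
    """Split whois output into objects: a list of {attribute: [values]}."""
    objects, current = [], None
    for line in text.splitlines():
        if not line.strip() or line.startswith("%"):
            current = None                      # separator or server comment
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue                            # not an attribute line
        key, value = key.strip().lower(), value.split("#", 1)[0].strip()
        if current is None or key in CLASS_KEYS:
            current = {}
            objects.append(current)
        current.setdefault(key, []).append(value)
    return objects

def report_target(objects):
    """Collect what an abuse report needs: network, country, AS, contact."""
    info = {"netname": None, "country": None, "origin": None, "abuse": []}
    for obj in objects:
        for field in ("netname", "country", "origin"):
            if info[field] is None and field in obj:
                info[field] = obj[field][0]
        found = list(obj.get("abuse-mailbox", []))
        for remark in obj.get("remarks", []):
            if "abuse" in remark.lower():
                found += EMAIL_RE.findall(remark)
        info["abuse"] += [a for a in found if a not in info["abuse"]]
    return info
```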

 

Published Friday, June 29, 2007 2:15 PM by erobillard

Comments

Friday, June 29, 2007 3:52 PM by jayson knight

# re: Beware: You've received a postcard from a family member!

I've been getting the same emails lately as well. I cannot reiterate enough your rule number one, to the point where I now manually type in link addresses from senders I don't know...I don't trust tooltips to be truthful in what the link actually is.

Saturday, June 30, 2007 11:30 PM by Brian Scott

# re: Beware: You've received a postcard from a family member!

I just got the same one too an hour ago, except family is replaced with neighbor and 123greetings.com is replaced with freewebcards.com. The link is to 89.215.245.201 which looks to be in Bulgaria.

Sunday, July 01, 2007 5:58 PM by R Sather

# re: Beware: You've received a postcard from a family member!

I clicked on the link!  The web site didn't appear to open, but... Does anyone know how I can detect whether my PC is infected?  I'm running AVG Free edition anti-virus, but I don't know if their database detects this virus.

Sunday, July 01, 2007 6:48 PM by Chris

# re: Beware: You've received a postcard from a family member!

I received the same message two days ago, except mine was replaced with "e-cards.com" with the IP address 89.110.10.118.  A quick whois shows it's from the "Russian Federation St.petersburg Telephone Network".

Stupid fools!

Sunday, July 01, 2007 7:06 PM by Daniel

# re: Beware: You've received a postcard from a family member!

I'm getting that crap also. I haven't opened up or followed any links tho. I was wondering if we are talking about a virus, trojan, phishing or what.

Sunday, July 01, 2007 9:46 PM by Will

# re: Beware: You've received a postcard from a family member!

I received two of these emails today and the searches came up that one was in Amsterdam, Netherlands (RIPE Network Coordination Centre) and one was in a suburb of Brisbane, Australia (Asia Pacific Network Information Centre).

OrgName:    Asia Pacific Network Information Centre

OrgID:      APNIC

Address:    PO Box 2131

City:       Milton

StateProv:  QLD

PostalCode: 4064

Country:    AU

OrgName:    RIPE Network Coordination Centre

OrgID:      RIPE

Address:    P.O. Box 10096

City:       Amsterdam

StateProv:  

PostalCode: 1001EB

Country:    NL

Monday, July 02, 2007 9:55 AM by Tanya

# re: Beware: You've received a postcard from a family member!

I just got this too and, like an idiot, CLICKED!

I'm running Norton right now, but I don't know if that will do it. Sh*t!

Monday, July 02, 2007 1:11 PM by A Monkey

# re: Beware: You've received a postcard from a family member!

This is part of a world-wide "Trojan Storm" or "Storm Trojan". Antivirus progs are not catching it; however, antispam ones are. So, please DON'T click on it.

Tuesday, July 03, 2007 10:22 AM by erobillard

# re: Beware: You've received a postcard from a family member!

Great comments everyone. Blog it, tell friends about it, spread the word. We won't get rid of it, but maybe this is the kick we need to educate the masses who haven't yet learned the lessons.

Cheers,

-e.

Saturday, July 07, 2007 1:05 AM by xpherion

# re: Beware: You've received a postcard from a family member!

I clicked on this and got key logger spyware. AVG doesn't pick this. I used housecall.trendmicro.com and found the keylogger. My IP address is coming from Arizona.

Wednesday, July 11, 2007 2:26 PM by Jeptha

# re: Beware: You've received a postcard from a family member!

I run Firefox, which gives you a warning. As I was running Linux at the time, I decided to click the link. It opens a page that says your download will begin in 5 seconds, if not click here. I right-clicked the "click here" and it was called "Patch.exe".

Obviously a trojan. If you don't run Firefox, I recommend that you do.

Saturday, July 14, 2007 8:13 AM by Carlos Monzon-Guzman

# re: Beware: You've received a postcard from a family member!

I've been receiving these e-mails into my spam folder.  They've come from the following:

---@yahoo.com.mx

---@covad.net

---@gac.edu

---@specialdevices.com

---@pacifier.com

---@tietzenet.com

---@gecapital.com

---@farms.com

---@unb.ca

---@vt.edu

---@processequip.com

I have not opened any links, but I've checked the websites. Some seem to be from legitimate places.

Sunday, July 22, 2007 11:18 AM by luis

# re: Beware: You've received a postcard from a family member!

How can I get rid of this?

Sunday, August 26, 2007 4:51 PM by Mike Perushek

# re: Beware: You've received a postcard from a family member!

This is what I don't understand. Why do you click on the link?

I know not everyone is computer savvy but with all the spam and phishing emails and viruses going around, you think people would have the common sense not to click on every email that comes their way. That's how this stuff spreads, infects other computers and major corporations and does the job of the criminals that wrote them. WAKE UP.

Monday, November 26, 2007 5:40 PM by N

# re: Beware: You've received a postcard from a family member!

Firefox and Thunderbird. Thunderbird has a way to view email before you open it, and even gives you certain filters. Not too sure how it'll work with the Trojan storm.

Tuesday, December 04, 2007 10:52 AM by Seb

# re: Beware: You've received a postcard from a family member!

Avert Labs HOAX Notice!!

McAfee Avert Labs would like to inform you of an email HOAX.

This email message is just a HOAX, currently we know of no other message that the user will receive about the HOAX as the initial email states. AVERT has not received any report of a user's hardware being damaged by receiving the email.

We are advising users who receive the email to delete it and DO NOT pass it on as this is how an email HOAX propagates.

Below is the actual text from the message that may be received via email.

Friday, December 07, 2007 10:51 AM by erobillard

# re: Beware: You've received a postcard from a family member!

Seb, it's not a viral hoax. The message doesn't ask the user to "pass it on," the message asks the user to visit a (potentially) malicious URL. So more like potentially malicious spam. The point is: watch what you click.

Great feedback from everyone. What it shows: You can't condemn a domain (like 123greetings.com) because it's possible to fake this stuff. Watch what you click. Never Open or Run any download unless you know who the sender is and have confirmation of what the file contains.

Wednesday, April 02, 2008 7:11 AM by De

# re: Beware: You've received a postcard from a family member!

I received an e-mail warning me about the family postcard e-mail virus. I usually look it up first to see if it is a hoax or not. I have in the past, after reading some comments, gotten e-mails from greeting card sites and not saying who sent it to me. It was automatically deleted and then totally deleted from my computer (shift key then delete). I have used 123greetings.com before and found it a good site. Thanx for the info. So what I gather it is a hoax? I usually like to research before I pass on info about a virus in case it is a hoax.
