AVIEN
 
Home    AVIEN    News    Contacts    Links

Virus and other Malware Information


FRIENDGREETINGS is a new threat. It takes advantage of the EULA (End User License Agreement). A individual will receive notification that they have received an electronic greeting card. When they go to the URL included in the memo, they are presented with the EULA. When they click"OK" they are agreeing that actions/activity will occur on or from their PC. Several types of actions/activity have been seen, i.e.: SPAM mail, prono sites, etc.

Here are some websites with more detailed information:

http://www.symantec.com/avcenter/venc/data/w32.friendgreet.worm.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRIENDGRT.A
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRIENDGRT.B
http://www.sophos.com/virusinfo/articles/greetings.html
http://www.f-secure.com/v-descs/friendgr.shtml
http://vil.nai.com/vil/content/v_99760.htm
http://vil.nai.com/vil/content/v_99789.htm
http://vil.nai.com/vil/content/v_99799.htm
http://vil.nai.com/vil/content/v_99817.htm

The following is a list of all the known sites that have been reported to AVIEN, along with the IP address and reference material that can be found at vendor web sites. As new sites are reported, this information will be updated.

You may wish to block the following URLs or IP addresses to prevent the spread of this malware. Replace the "DOT" with ".", removing any extra spaces.

64.191.7 DOT 4 (64.191.7.4)
65.240.226 DOT 241 (65.240.226.241)
207.21.232 DOT 104
cool-download DOT com
cool-download DOT net
cool-downloads DOT com (65.89.168.69)
cool-downloads DOT net (65.89.168.6)
friendcard DOT com
friend-card DOT com
friendcard DOT net (216.65.63.139)
friend-card DOT net
friendcards DOT com (216.34.38.97)
friend-cards DOT com (207.21.232.104)
friendcards DOT net
friend-cards DOT net (207.21.232.104)
friendgreeting DOT com
friend-greeting DOT com (207.21.232.104)
friendgreeting DOT net
friend-greeting DOT net
friendgreetings DOT com (64.177.216.163)
friend-greetings DOT com (207.21.232.104)
friendgreetings DOT net (65.89.168.14)
friend-greetings DOT net (207.21.232.104)
net3.net-downloads DOT com (65.89.168.80)
pv1.us-downloads DOT com (207.21.232.104)
surprisecard DOT net
surprisecard DOT net
surprise-card DOT net
surprisecards DOT net (66.226.64.2)
surprise-cards DOT net
surprise-cards DOT net
surprisegreeting DOT net
surprisegreeting DOT net
surprise-greeting DOT net
surprise-greeting DOT net
surprisegreetings DOT net
surprisegreetings DOT net
surprise-greetings DOT net
surprise-greetings DOT net
www.hkg3 DOT com (209.68.16.232, 64.127.183.17, 64.127.186.78, 64.177.216.163)
www.laugh-mail DOT com (207.21.232.104)

Known Subject Lines:


today sent you an e-card : HOU.
sent you a greeting -- HOU.
just sent you a postcard -- HOU.
HOU you've today received a greeting card from .
just created you a postcard - HOU.
HOU you recently received a card created by .
recently sent you an ecard -- HOU.
HOU you've received a postcard from .
HOU you recently received a greeting card from .
HOU you have received a postcard emailed by .
HOU you have received an e-card sent by .
HOU you have today received a postcard sent by Jorge.
HOU you've recently received an e-card sent by .
just emailed you a card : HOU.
recently created you a greeting card -- HOU.
HOU you recently received a card sent by .
HOU you've recently received a postcard created by
HOU you recently received a postcard created by .
HOU you recently received an ecard emailed by Temp.

 
Home    AVIEN    News    Contacts    Links