By Robert McMillan

07-20-05 computerworld.com

Attackers turning to fake online greeting cards

The next e-card you get could include malware

JULY 19, 2005 (IDG NEWS SERVICE) - The next e-mail greeting card you get may come with a nasty surprise. According to Internet security vendor SurfControl PLC, attackers are increasingly using fake e-mail greeting cards as a way of getting malicious software installed on computers.

In fact, the amount of malicious e-mail being disguised as e-mail greeting cards is up about 90% from last year and now makes up more than half of all malicious e-mail being sent, according to Paris Trudeau, a product marketing manager at SurfControl.

The number of "phishing" attacks, in which users are tricked into entering personal information on fake Web sites, is also on the rise. But increasingly, attackers are looking for ways to trick users into downloading software that can be used to take over a computer, turning it into a so-called zombie machine, she said.

Often this can be done by sending an e-mail greeting that entices users to visit a maliciously encoded Web page, Trudeau said. Another trick is to mask an e-mail message so it appears to originate from the user's IT department.

Overall, malicious e-mail was on the rise during this year's second quarter. SurfControl said its e-mail filters tracked about 30% more of such messages than during the same period last year.

[an error occurred while processing this directive]