PocketMatrix

This doesn't have anything to do with Pocket PCs, but I wanted to warn all my friends here at PM.

There's a new type of Worm going around that is totally overt. It even makes you agree to an EULA in its installer that says you agree to allow it to get all the addresses from your Outlook contacts and send out copies to them. It comes in the form of a digital postcard. It uses a signed ActiveX control to load an installer, which is a few MB download. Everything is basically legitimate as far as it being a verified content publisher, etc.


A sample of an email I have received:

Greetings!

John Doe has sent you an E-Card -- a virtual postcard from FriendGreetings.com.
You can pickup your E-Card at FriendGreetings.com by clicking on the link
below.


More info can be found at:
http://slashdot.org/articles/02/10/25/1 ... tml?tid=95

http://h2o.law.harvard.edu/viewRotisser ... serieId=70

Dan East

the site went down didnt it? i though they pulled it cuz people got really pissed. plus it ASKS you if you want to install it. If this is the virus im thinking of.[/i]

It was up as of around 30 minutes ago, although I can't get back into it at the moment.

Dan East

Detailed info and removal instructions can be found here:
http://vil.mcafee.com/dispVirus.asp?virus_k=99760

It has an uninstaller, but it's hard to tell if there was something covert installed as well.

I'll leave this topic sticky for a couple days until all the PM regulars have a chance to read it.

Dan East

It's the first worm with a EULA. I'm still not too decided on whether this is a real threat (like Klez, ILOVEYOU, etc) but it's still very bad nonetheless. And everyone will click on it because they love those greeting cards.. *sigh*

Homer: Oooohhh a greeting card.

Bart: Dad don't do it, it's a virus!

Homer: I...just..can't...help..it..it's..so..*click*

Homer: DOH!

I had 30 turn up in my inbox the other day - all from the same guy.

He must really love you :P

Pest Patrol from Sunbelt software found two keystroke loggers (executables)on my home machine running XP.
I'm behind a cable router with NAT, and XP's firewall enabled.
So the only way I got this stuff was from what I thought was a legit download.
(I never download e-cards)
So now I check every week with Pest Patrol, Norton Anti Virus,I Hate Spam, and TweakIE to keep things under control.
Here's some links if you want to evaluate:

Pest Patrol: www.pestpatrol.com/
TweakIE http://www.tweakie.com/
I Hate Spam: http://www.sunbelt-software.com/product.cfm?id=930
Treeman

Never download from non-legit sites. Foo

Meh. As long as your careful, you'll be fine. I download a LOT, and I never run antiviruses, though when I do, I don't have any problems. Just don't do stupid things like BonziBuddy and you should be mostly fine..