[StBernard] New Computer Virus

[Westley Annis]

Read the whole thing, snopes says it's a legitimate virus



	LEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS!
	You should be alert during the next few days. Do not open any message
	with an attachment entitled 'POSTCARD,' regardless of who sent it to
	you. It is a virus which opens A POSTCARD IMAGE, which 'burns' the
	whole hard disc C of your computer. This virus will be received from
	someone who has your e-mail address in his/her contact list. This is
	the reason why you need to send this e-mail to all your contacts.
	It is better to receive this message 25 times than to receive the virus
	and open it.
	If you receive a mail called' POSTCARD,' or with POSTCARD in the subject line,
	even though sent to you by a
	friend, do not open it! Shut down your computer immediately.
	This is the worst virus announced by CNN. It has been classified by
	Microsoft as the most destructive virus ever. This virus was
	discovered by McAfee yesterday, and there is no repair yet for this
	kind of virus. This virus simply destroys the Zero Sector of the Hard
	Disc, where the vital information is kept.
	COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS.
	
	



Postcard
Virus:   You've Received a Postcard from a Family Member!

Status:   Real virus.

Examples:   [Collected via e-mail, June 2007]

Subject: You've received a postcard from a family member!

Good day.

Your family member has sent you an ecard from notme.hk.

Send free ecards from notme.hk with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.

To view your ecard, choose from any of the following options:

--------
OPTION 1
--------

Click on the following Internet address or copy & paste it into your browser's address box.

http://notme.hk/?6e47840d8e117868911e6c3 <http://www.snopes.com> 

--------
OPTION 2
--------

Copy & paste the ecard number in the "View Your Card" box at http://notme.hk/ <http://www.snopes.com> 

Your ecard number is
6e47840d8e117868911e6c3

Best wishes,
Postmaster,
notme.hk

*If you would like to send someone an ecard, you can do so at http://notme.hk/


Variations:   Other subject lines used with this message include the following:
     •     You've recieved a Hallmark E-Card!
     •     You've received a greeting card from a school-mate!
     •     You've received a greeting ecard from a class mate!
     •     You've received a greeting ecard from a neighbour!
     •     You've received a greeting postcard from a partner!
     •     You've received a greeting postcard from a worshipper!
     •     You've received a postcard from a family member!
     •     You've received a postcard from a neighbour!
     •     You've received a postcard from a worshipper!
     •     You've received an ecard from a colleague!
     •     Class-mate sent you an ecard from vintagepostcards.com!
     •     Colleague sent you a greeting ecard from postcardsfrom.com!
     •     School mate sent you a greeting ecard from greetingcard.org!
     •     Family member sent you a postcard from dgreetings.com!
     •     Neighbour sent you a greeting ecard from NetFunCards.com!
     •     School-mate sent you an ecard from mypostcards.com!
     •     Worshipper sent you an ecard from greetingcard.org!
     •     Colleague sent you a postcard from egreetings.com!
     •     Neighbour sent you a greeting ecard from all-yours.net!
     •     School friend sent you an ecard from postcards.org!
     •     Holiday e-card
     •     Movie-quality e-card
     •     Love postcard
     •     Birthday e-card
     •     Thank you card
     •     Musical postcard
     •     Funny postcard

Origins:   Many web sites offer a service that allows a user to send a customized "greeting card" (or "postcard") to a relative, friend, or acquaintance, delivered
as an as a message containing a hyperlink which the recipient follows to visit the originating site and view the card. Sending out phony messa notifications is therefore an effective method of camouflaging viruses and inducing unwitting recipients into clicking on links that install malicious programs onto their computers.

A wave of malicious messages (like the one reproduced above) sent out in June 2007 employed that very technique, arriving in inboxes bearing subject lines such as "You've received a postcard from a family member!" The messages contain URLs that recipients are supposed to visit to retrieve their A wave but those URLs actually point to servers hosting a variety of malware (including a variant of the Storm <http://www.snopes.com/computer/virus/storm.asp>  Trojan, "an aggressive piece of malware that has been hijacking computers to serve as attacker bots" since early 2007) that is furtively installed onto victims' PCs. (Generally, only unpatched <http://windowsupdate.microsoft.com/>  Windows-based systems are vulnerable.)

The underlying worm is the same one that has appeared in messages with subject lines as "Sending You All My Love," the "Laughing Kitty," the "Dancing Skeleton," as well as several game and music download offers. According to spamtrackers.eu <http://spamtrackers.eu/wiki/index.php?title=Storm> : The storm network is large enough to cut off internet access from any institution its operators choose to attack via a "distributed denial of service attack," in which hundreds or thousands of computers request files from a server simultaneously. The entire country of Estonia was brought down that way last year. The network is actually available for rent for anyone who wishes to use it to send spam, host illegal websites, or stage denial of service attacks.

Storm is a serious threat for several reasons. It communicates "peer-to-peer" instead of via a "command and control" network. For that reason, you can't just disable a few computers that are feeding instructions to the others. The virus download is encrypted, so it is difficult for antivirus programs to recognize, and infected computers are updated by the peer network on a daily basis to keep antivirus programs from recognizing it once they are updated to recognize previous editions of the virus. The number of infections worldwide is massive, and a quarter of them are on major networks in the US like SBC, Comcast, and Roadrunner. That means that a bank or other business under denial of service attack can't simply block all traffic from certain segments of the internet, because it would be blocking its own users that are sharing those same internet addresses with storm infected computers as they log in and out of the internet. It is believed that Storm's operators are located in St. Petersburg, Russia, are known to the Russian government, and enjoy its protection.

Since antivirus programs will not protect your computer, the most important thing is for people to be extremely suspicious about where they go and what they click on. Never click on any link in an email from someone you don't know. Never click on a link in an advertisement on the Since antivi you want to visit that site, look up the address yourself.
Since many of these malicious messages imitate notifications from legitimate Sinc sites, recipients should get into the habit of never clicking on links contained within sites notification notific Instead, go directly to the web site of the card company, find the card pickup page within that site, and enter the ID code included in the Inste (If the message was a fake, the worst that will happen is that you won't get a card.)

NOTE:   Readers should take particular care not to confuse the real postcard/greeting card virus with the "Virtual Card for You" hoax that has been circulating for several years. Some of the "Postcard" warnings contribute to this confusion by including within them a link to our article <http://www.snopes.com/computer/virus/virtualcard.asp>  about the "Virtual Card for You" hoax. They're not the same thing, despite some about warnings that erroneously present them as such. Other versions of the postcard virus warning mistakenly combine it with the Invitation <http://www.snopes.com/computer/virus/invitation.asp>  virus hoax: Get this E-mail message sent around to your contacts ASAP. PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS! You should be alert during the next few days. Do not open any message with an attachment entitled 'Invitation' OR ONE CALLED 'POSTCARD,' Regardless of who sent it to you. It is a virus which opens an Olympic Torch OR A POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer. This virus will be received from someone Who has your e-mail address in his/her contact list. This is the reason why you need to send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it.

If you receive a mail called 'Invitation' even though sent to you by a friend, do not open it. Shut down your computer immediately. This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for This kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.

COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS. REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US.
Additional information:
      W32/Zhelatin.gen!eml
  (McAfee)
Last updated:   18 February 2008

The URL for this page is http://www.snopes.com/computer/virus/postcard.asp

Urban Legends Reference Pages © 1995-2008