Uninvited Download

Today I received an e-card from a friend in the USA. It was on Greetings 123. Before I could open it I was besieged with pop-ups from a programme called DriveCleaner announcing that it had - uninvited - scanned my computer and found evidence of over 600 pornographic sites I had visited. Who? Me? I think not!! It then started to download the programme to “clean my hard drive”, and the only way I could stop it in its tracks was to pull the plug on my computer.
I have learned from a contact that this is a nasty little spoof programme, and I have since found info on it on the Internet.
I’m not all that technoclever, but advice to all - take care what is coming in with free cards. The sender might be unwittingly sending you an unwanted gift. :o

E-cards have been featured in newsletters, etc. This is just one of the various social engineering methods to get you to visit a suspect site, thinking it is an e-greeting from a friend. There will be another one along next week/month, mostly relating to current topics in the news, Christmas/New Year, etc. You have to be ready.

Basically, never open attachments in unsolicited emails, nor click on links in unsolicited emails. Notice I said unsolicited emails and not just unknown emails: the from address is easy to fake and often comes from a friend/colleague whose system is infected, sending emails to all in their address book.

You have to consider whether this is the action of the friend, to send you e-cards, etc., and confirm that it actually came from them (ring, email, etc.), but never take it at face value.
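As an added illustration (not part of the thread and not any poster's code), the sketch below screens a received message for two signs that it should not be taken at face value: a Return-Path or Reply-To domain that differs from the From domain, and a link whose visible text names one host while its target is another. The sample message, its hosts, and the names `review_message`, `host_of` and `domain_of` are constructed for this example; a clean result does not replace confirming with the sender.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message; every address and host in it is made up.
SAMPLE = """\
From: Friend <friend@example.org>
Return-Path: <bounce@mailer.invalid>
Content-Type: text/html; charset="utf-8"

<a href="http://cards.badhost.invalid/view?id=1">http://www.ecards.example/view</a>
"""

class Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text))
            self._href = None

def host_of(text):  # host of a URL-looking string, "" for ordinary words
    text = text.strip()
    if " " in text or "." not in text:
        return ""
    return (urlparse(text if "://" in text else "//" + text).hostname or "").lower()
def domain_of(header):  # domain of the address in a header value, "" if absent
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()
def review_message(raw):  # returns reasons to confirm with the sender first
    msg = message_from_string(raw, policy=policy.default)
    from_dom, findings = domain_of(msg["From"]), []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    parser = Links()
    parser.feed(msg.get_body(preferencelist=("html", "plain")).get_content())
    for href, text in parser.links:
        shown, real = host_of(text), host_of(href)
        if shown and real and shown != real:
            findings.append(f"link shows {shown} but opens {real}")
    return findings
```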

This one definitely came from a friend who e-mails me regularly. She says that she does not have this programme on her computer. Could it be that she does, but is unaware of it? She sends cards to others from this website regularly.
Thanks for advice on dealing with links etc.

There is a strong possibility that her system is infected, unless she definitely sent the email including the link.

She probably won’t have the DriveCleaner program but could be sending emails without her knowledge. That is the whole purpose of links to sites: they download the offending element that pops up the warning of pornography on your system when there is none, to scare you into installing and/or paying for a program.

Both of you should run one of these programs.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. Ewido, a.k.a. AVG Anti-Spyware, if using WinXP, or a-Squared Free if using Win98/ME.

You should also try this one. A new tool available from Rubber Ducky here http://www.malwarebytes.org/rogueremover.php

I run AdAware and Spybot. Can Ewido be added to these?
I have cleared out the temp files and cookies, run both and got the all clear.

Yes, it is to my mind a far superior program. You get 30 days free use of the resident functions and auto update before it downgrades to the free version without resident protection. Not a problem, you just run on-demand scans in the same way as the others.

Personally I would uninstall Spybot as I don’t think it would add much to the protection levels when you have Ewido, a.k.a. AVG Anti-Spyware, and AdAware.

From another aspect, if you are using Outlook Express, I recommend reading this in order to make OE more secure, for example. Some may even advise you to give up OE totally, though.

I changed to Mozilla Firefox and Thunderbird some time ago, so receive virtually none of the nuisance spam e-mail that was appearing before then 8)

Improving security either by hardening OE or switching to a different email program, should have absolutely no impact on the amount of spam you receive, the spammer hasn’t got a clue or care what email program you have.

The only thing that will change the amount of spam you receive is either an anti-spam program or spam filter in your email program. The nuclear option is changing your email address to one not easy to guess like your name or a word. Spammers use what is called a dictionary attack, firing off emails to common names or words for a domain. Using an alphanumeric combination of at least 10 characters makes it harder for them and also for your friends and contacts.

Changed ISP and e-mail address at about the same time, so probably that made the difference :-[

David, I think gizmo meant the spam filtering protection offered by Thunderbird. If you are using the Mail Washer in your signature, of which I hear good things, it is no wonder you value it highly, though.

Gizmo, if you are using Firefox, I’d recommend using the NoScript extension and one of the security advisors such as McAfee SiteAdvisor, for example. SpywareBlaster is another good program, only if you are quite sure that no spyware is already in your system. You may find this site helpful.

Also, to avoid social engineering, you may simply ask the individual who is supposed to have sent the greeting card to you. Of course, at times, the nature of the mail may make it a little tougher. In fact, there seems to be a worm taking advantage of the Valentine season. Have to say it’s clever even if disgusting: it’s exploiting not a weakness of our environment but ourselves. David seems to have already given good pieces of advice, though.

Mailwasher Pro is probably one of the best software purchases I’ve made. It saves lots of time by not having to download all the junk (only a very small part, user defined) to identify the spam and delete it from the email server, rather than having to download it on dial-up, a real pain.

I can remember when I bought it, years ago, I used the free version first, but the program updates to date have been free.

The card that brought the uninvited download definitely came from the sender, as I have been in touch to ask. A card from the same website at Christmas gave similar problems.
To date, thanks to Avast! I seem to have managed to escape too much intruder trouble. Long may it continue.
Currently I only run the XP Pro firewall. Is that sufficient or should ZoneAlarm be added?
Thanks for all advice given. Am not too clued up in techno stuff so will take it in gradually.

Whilst the Windows XP firewall is usually good at keeping your ports stealthed (hidden), it provides no outbound protection and you should consider a third-party firewall.

Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.