Smith College TechNotes blog

Hot on the heals of the Valentine Storm Worm e-blast are more emails spoofing well-known e-card services. These spoof emails pose as e-cards but actually attempt to install trojan virus software on your computer.

McAfee Avert Labs posted this example: Valentine Nuwar

The spoof e-cards prompt you to download a file or visit a website to make the download. Before clicking on any links or downloading anything, examine the URLs and filenames to determine if they are legitimate. Malicious files often end in .exe (example: hallmark.gif[1].exe).

To examine the URL or filename of a link, follow the instructions below:

Firefox, Internet Explorer, Safari: The Status bar at the bottom of the window shows you where a link is directed. To turn on the Status Bar, click on the View menu and enable it.

GroupWise Client: To view the URL of a link, you can look at the Message Source. Click on the Message Source tab or toggle between HTML and Plain Text using the View menu.

Apple Mail: To examine the URL of a link, move your cursor over the link and hover there until the URL is revealed.

Most of the spoof e-cards have been blocked, but some particularly well crafted spoof e-cards have gotten to quarantine. Many of the e-cards look like they have been sent by a known recipient, so if you are in doubt, confirm that your friend intended to send you an e-card before opening it.

For extra protection against spoofers and phishers, consider installing McAfee Site Advisor for Firefox.