As I write this, it was 21 hours ago that I received an email that lists the sender as “postcard.com” and the title as “You have received a postcard !” Who doesn’t love receiving postcards, right? So I open the message and find the text immediately following my strong warning to you, dear reader, which is: DO NOT CLICK on the “here” link that’s listed in the following message:
Hello
You have just received a postcard from www.yahoo.com .
If you’d like to see the rest of the message click here to receive your animated postcard!
===================
Thank you for using our services !!!
Please take this opportunity to let your friends hear about us by sending them a postcard from our collection !
==================
I’ve received many e-postcards before and this one just looked suspicious so I took a cautionary approach. First, I placed my mouse cursor over the www.yahoo.com link but did NOT click any mouse buttons (this is known in computer-speak as a “mouseover”). It did, indeed, point to Yahoo!, which was fine.
Next I did a mouseover on the word “here” and that’s when I discovered the virus, just waiting to strike! The address that the word “here” was linked to was a literal IP address (for those who may not know, an IP address is a series of numbers separated by periods, or “dots”, that can be entered instead of the NAME of an Internet site). Here’s that address (Warning: DO NOT attempt to navigate to this address!)
http://82.192.74.192/~audia6/postcard.gif.exe
I knew right away this was a suspicious link (because it did not clearly point to yahoo.com as the first address did) so I manually typed just the numbered portion into my web-browser’s window and pressed enter. It took me to an Internet Service Provider (ISP) called Skyberate Internet Services (SIS) located at http://skyberate.net.
I happen to know, due to my long-time working with computers, that the next part of that suspicious link (~audia6) was probably a user’s account name and directory, and the final portion of the suspicious address (postcard.gif.exe) was an executable file that was meant to run when an unsuspecting person clicked on it.
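The mouseover checks described above can be automated. The following is an added example, not part of the original post: it parses a constructed HTML version of the message (the post shows only its text) and reports the same warning signs for each link; the names `LinkCollector`, `link_findings` and `scan_email` and the extension list are assumptions made for illustration.

```python
import ipaddress
import posixpath
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Constructed HTML form of the quoted message; it is only parsed, never fetched.
SAMPLE_EMAIL = """<p>You have just received a postcard from
<a href="http://www.yahoo.com/">www.yahoo.com</a> .</p>
<p>If you'd like to see the rest of the message click
<a href="http://82.192.74.192/~audia6/postcard.gif.exe">here</a>
to receive your animated postcard!</p>"""
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".vbs"}  # assumed, not exhaustive

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_findings(href):
    """Return the warning signs found in one link target (empty list if none)."""
    parts, findings = urlsplit(href), []
    try:
        ipaddress.ip_address(parts.hostname or "")
        findings.append("host is a raw IP address")
    except ValueError:
        pass  # host is a name, not an IP literal
    stem, ext = posixpath.splitext(posixpath.basename(unquote(parts.path)).lower())
    if ext in EXECUTABLE_EXTS:
        findings.append("target is an executable file")
        if posixpath.splitext(stem)[1]:
            findings.append("double extension hides the real file type")
    if any(seg.startswith("~") for seg in parts.path.split("/")):
        findings.append("path contains a ~user directory")
    return findings

def scan_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return {text: link_findings(href) for href, text in collector.links}
```

`scan_email(SAMPLE_EMAIL)` returns no findings for the link shown as “www.yahoo.com” and four for the link shown as “here”.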
Instead of clicking on the file to run it, as the person who sent the email would’ve liked me to do, I instead downloaded the file to my computer (using Firefox, I did this by right-clicking my mouse on the “here” link, then selecting “Save link as…”). Once I had the file on my computer, I right-clicked on the newly downloaded file and selected “Scan”, which told my installed McAfee anti-virus software to examine the file.
It found 4 viruses (or “virii” to be more correct)! The exact message was:
Infected by Generic component, IRC/Flood.ev, IRC/Generic Flooder, W32/Pate.b
I instructed McAfee to quarantine the file, then navigated through Skyberate’s web site until I found their customer support page. I sent them a message explaining what happened, including the email (complete with all headers). Wow—within a minute of sending that email I got an automated response from Skyberate, and only a few minutes after that I received a real-person response saying that my concern had been forwarded to their Administration department for further evaluation.
That, dear readers, is just good customer service and please bear in mind that I am not a Skyberate customer!
Only about a half-hour ago (as I write this post) I received an email from Skyberate telling me the user account (~audia6) had been deleted.
Thank you, Skyberate, for being so responsive and responsible in your handling of this matter. It’s probably impossible to calculate how many users were spared from infection due to Skyberate’s fast action in this matter.
This blog post is simply my way of thanking them on behalf of everyone who’s been spared the trouble of infection, cleansing and restoration, so here goes: