Many websites offer a service that allows a user to send a customized ‘’greeting card’’ (or ‘’postcard’’) to a relative, friend, or acquaintance, delivered as an e-mail message containing a hyperlink which the recipient follows to visit the originating site and view their card. Sending out phony e-card notifications is therefore an effective method of camouflaging viruses and inducing unwitting recipients into clicking on links that install malicious programmes onto their computers.
A wave of malicious messages sent out in June 2007 employed this very technique, arriving in inboxes bearing subject lines like ‘’You've received a postcard from a family member!’’ The messages contained URLs (links) that recipients are supposed to visit to retrieve their e-cards, but those URLs actually point to servers hosting a variety of malware (including a variant of the Storm Trojan, ‘an aggressive piece of malware that has been hijacking computers to serve as attacker bots’ since early 2007) that is secretly installed onto victims' PCs. (Generally, only un-patched Windows-based systems are vulnerable.)
The underlying worm is the same one that has appeared in messages with subject lines as ‘Sending You All My Love,’ the ‘Laughing Kitty,’ the ‘Dancing Skeleton,’ as well as several game and music download offers.
Many of these malicious messages imitate notifications from legitimate e-card sites, recipients should get into the habit of never clicking on links contained within e-card notification e-mails.
Since antivirus programmes will not protect your computer, the most important thing is for people to be extremely suspicious about where they go and what they click on. Never click on any link in an email from someone you don't know. Never click on a link in an advertisement on the internet; if you want to visit that site, look up the address yourself.