Fact Check

FriendGreetings.com Virus

Information about the 'FriendGreetings.com' site.

Published Oct. 28, 2002

Claim:   Opening a greeting card from FriendGreetings.com can trigger a software download that will automatically send an e-card to everyone in your address book.


Status:   True.

Example:   [Collected on the Internet, 2002]




Beware: If you use Microsoft Outlook to access email on your home computers, please keep this warning in mind.

Please be aware of any email inviting you to open a greeting card from "friendgreetings.com". When you go to the Web site to open the greeting card, you will be prompted to install software. You should NOT install this software.

If you were to install this software, "friendgreetings.com" will attempt to send marketing email to everybody in your Microsoft Office address book (friendgreetings.com actually tells you that this will happen in their end-user license agreement). It is bad practice to install an application that knowingly accesses this type of information on your system.


A WARNING FOR ECARD USERS/RECIPIENTS:

There's a new card company called "FriendGreetings.com". The following also applies to:
https://www.laugh-mail.com
https://www.friend-cards.net
https://www.friend-cards.com
https://cool-downloads.net
https://friendgreetings.net
https://friend-greetings.com

When you (or your recipient) get(s) a card notification from them and click on the link, it will take you to their site. You will be notified that you have to install an ActiveX control in order to view the card.

When you begin to install, the first thing that pops up is what is known as a "EULA" (End User License Agreement). It is very long, and you will not read it. They're counting on that. When you scroll to the bottom of it and click "Accept," you have agreed to the terms of the EULA.

Part of what you will have agreed to is to have monitoring/spyware software installed on your computer which will periodically report a vast array of data back to the card company. The other part that you've agreed to is to have the software send mail to EVERY SINGLE ADDRESS IN YOUR ADDRESS BOOK.

In short, you've voluntarily agreed to install a virus-type product on your machine. This is not a good thing.

Since there is no virus in the email, and since you're VOLUNTARILY agreeing to install the ActiveX component, VIRUS CHECKERS WILL NOT CATCH THIS.

Just a reminder: DO NOT RUN ANYTHING FROM THE INTERNET WHICH REQUIRES A EULA AGREEMENT.



Origins:   The chain begins when you receive an e-mail message like the following:



Subject: snopes you have an E-Card from Barbara.

Greetings!

Barbara has sent you an E-Card — a virtual postcard from FriendGreetings.com. You can pickup your E-Card at the FriendGreetings.com by clicking on the link below.

https://www.friendgreetings.com/pickup/pickup.aspx?code=snopes&id=A676543B45

Message:
------------------------------------------------------------------------
snopes,
I sent you a greeting card. Please pick it up.
Barbara
------------------------------------------------------------------------


Should you attempt to retrieve the greeting card sent to you by visiting the URL provided, you will be prompted to download and run an installer package:

If you download and install this software (and accept the license agreement), the installed program will go through your Microsoft Outlook address book and send a mail message just like the one reproduced immediately above to every entry in your address book, thus creating a continuous chain of greeting card recipients unknowingly sending cards to even more recipients. Note that this is not a "bug" or the result of a web site's software having been infected by a "virus"; this is the intended behavior of the FriendGreetings.com (and other) e-cards as explicitly described in the license agreement shown above.

If you have already installed the FriendGreetings application, you can deinstall it by following the removal instructions on the McAfee.com web site.

Last updated:   27 January 2008


David Mikkelson founded the site now known as snopes.com back in 1994.