E-Greetings Pose Security Risk

Cyber criminals are increasingly using e-greetings to lure consumers into clicking on links that download malicious code into their computers, a security expert said Tuesday.

Over the last three months, Internet security vendor SurfControl Plc has tracked a 30 percent jump in malicious e-mail threats, with more than half attempting to entice recipients to click on a link that takes them to a fictitious e-greeting card.

"This rise in malicious e-greeting attacks is being driven by a multi-billion dollar black market for stolen information," Susan Larson, vice president of global threat analysis for SurfControl, said in a statement.

In addition, there has been a sharp rise in the number of e-mails disguised as legitimate communications from a company's IT department or other legitimate business group, the Scotts Valley, Calif.-based, company said.

The number of malicious code-based e-mail threats is expected to double over the next quarter, according to SurfControl.

The malicious e-greeting messages, which are often difficult to detect at a casual glance, direct the recipient to click on a link that takes them to a normal-looking e-greeting card. Behind the HTML, however, is Java script that gathers vital computer settings, such as operating system, browser, virtual machine and anti-virus settings, and then downloads a Trojan best suited for infecting the machine.

The attackers hope to turn the computer in zombies for sending illegal spam messages, or to install key-loggers in order to try to steal passwords used in online banking or other websites, SurControl said.