By Robert Vamosi This company has a crafty scheme: You receive an e-mail message that looks like an electronic greeting card from FriendGreetings.com. The e-mail asks you to download a plug-in in order to view the card. It then presents you with a legitimate end-user license agreement (EULA), which you must accept in order to get the software. Tactic could be used in viruses But if you read the fine print, you'll see that the agreement asks for permission to raid your Outlook contact list. If you accept the agreement, Permissioned Media sends a copy of the message to all of your contacts--not unlike mass-mailing e-mail viruses.
Just to make sure you don't fall prey to the FriendGreetings scheme, here are more details about how it works. The e-mail is usually sent from someone you know (because your name was in the sender's Outlook contact list). The FriendGreetings card requests that you click a link and download a browser plug-in that will allow you to view the contents of the card. The link sends you to a site that's a variation on FriendGreetings.com, Cool-Downloads, or Laugh-Mail, according to antivirus company MessageLabs. All of these domain names are registered by Permissioned Media. Before downloading the plug-in, a security warning pops up stating that the FriendGreetings program is digitally signed and distributed by Permissioned Media. It even says the following: "Permissioned Media Inc. asserts that this content is safe. You should only install/view this content if you trust Permissioned Media Inc. to make that assertion." Nothing illegal here This is a standard digital certificate screen, verified by a third-party certificate authority, complete with an option for you to "Always trust content from Permissioned Media Inc." Such certificates commonly appear when you visit enhanced-media HTML sites for the first time or when you download software. Most of us simply accept the certificate and continue with our business.
Sadly, there's nothing illegal about this, and Permissioned Media graciously offers instructions on how to remove the downloaded application from your hard drive. Antivirus company F-Secure suggests that if you think this marketing practice is unethical, you should complain directly to Permissioned Media. The FriendGreetings and F-Secure sites tell you how to contact the company. Always read the fine print So what's the lesson to be learned from this new threat? Be wary the next time you're asked to download a new plug-in for your browser--or any software from an unknown source. I suggest that you at least skim the EULA you're offered. If the company is asking for your permission in order to evade legal hassles, it must say what it intends to do to your PC. And, as always, if you ever have a bad feeling while visiting a Web site or reading a user agreement for a download, you're probably better off avoiding the site and its software altogether. What do you think of Permissioned Media's new tactic? Will malicious code writers exploit this feature in the future? Why or why not? TalkBack to me!
Senior Associate Editor Robert Vamosi covers hoaxes, viruses, and security threats for CNET Reviews. Have a question for him? Let him know! |
 | Next steps |
 | |
| |
• Find DSL in your own area |
• Download security and encryption apps |
• Protect yourself with a firewall or an Internet security suite |
• Shopper.com's most popular security and encryption apps
• Download security and encryption apps |
• Protect yourself with a firewall or an Internet security suite |
• Shopper.com's most popular security and encryption apps
 | ||||||||||||||
| ||||||||||||||
  | |||
|
