Threat Encyclopedia

Win32/FriendGreet.E

EML/Greeting-Card.E

Win32/FriendGreet.E is not, strictly speaking, a computer infiltration such as a virus, worm or Trojan horse. The program spreads as unsolicited e-mail advertising (spam), and the user installs the software voluntarily after agreeing to its terms.

The installation request arrives as an e-mail message. The body of the message contains the following text:

Greetings!

has sent you an E-Card -- a virtual postcard from FriendGreetings.com. You
can pickup your E-Card at the FriendGreetings.com by clicking on the link
below.

http://www.friendgreetings.com/pickup/pickup.aspx?code=AL&id=2410021

Message:
------------------------------------------------------------
<addressee>,
I sent you a greeting card. Please pick it up.

------------------------------------------------------------

In the actual message, the text <addressee> is replaced by the real name of the addressee as used for sending electronic mail.

After the user clicks the link shown, the program is downloaded and the installation starts. During installation, the user is informed that the program will send greetings to all addresses found in the Microsoft Outlook address book contacts. If the user agrees, the e-mail messages are sent.

Selected passages from the end-user license agreement follow:

1. Consent to E-Mail Your Contacts. As part of the installation process, Permissioned Media will access your Microsoft Outlook(r) Contacts list and send an e-mail to persons on your Contacts list inviting them to download FriendGreetings or related products. By downloading, installing, accessing or using the FriendGreetings, you authorize Permissioned Media to access your Microsoft(r) Outlook(r) Contacts list and to send a personalized e-mail message to persons on your Contact list. IF YOU DO NOT WANT US TO ACCESS YOUR CONTACT LIST AND SEND AN E-MAIL MESSAGE TO PERSONS ON THAT LIST, DO NOT DOWNLOAD, INSTALL, ACCESS OR USE FRIENDGREETINGS.

2. Consent to Receive Ads and Use of Information. By downloading, installing or using PerMedia, you agree to receive advertisements from Permissioned Media's business partners and associates. The ads will be interstitials ("pop-up and pop-under ads"), e-mail messages and in other formats. As more fully described in Permissioned Media's Privacy Statement, when you download, install or use PerMedia, Permissioned Media gathers personally identifiable information about you (such as your name and e-mail address). This information is used to select and deliver installation files for optional new PerMedia and/or third party software applications and to deliver advertisements in interstitials, e-mail and other formats to you.

3. Updates/New Information. Permissioned Media reserves the right to add additional features or functions to the version of PerMedia you install, or to add new applications to PerMedia, at any time. As more fully disclosed in our Privacy Statement, PerMedia is designed to regularly communicate and provide information regarding your Internet use to Permissioned Media. Accordingly, Permissioned Media has the right and you hereby authorize it to update or automatically install a new version of PerMedia on your computer when a new version is released to the general public and/or when new features are available. Notwithstanding the foregoing, Permissioned Media and its business associates have no obligation to make available to you any subsequent versions of PerMedia. You may not distribute or copy PerMedia (other than for backup purposes).

Once the license has been accepted and the e-mails have been sent, the following file is installed: C:\Program Files\Common Files\Media\winsrvc.exe\. It is started automatically through an entry named PMedia with the value C:\Program Files\Common Files\Media\winsrvc.exe\ in the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
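A triage check for the autostart entry described above, added here as an example and not ESET's own code: it parses the text printed by `reg query` and flags Run-key values that match the PMedia name or the winsrvc.exe path, ignoring case, quoting, arguments and the trailing backslash. The sample output, the ExampleTray and Updater entries and all function names are constructed for illustration.

```python
import ntpath
import re

# Indicators from the description above; the trailing "\" printed after winsrvc.exe is dropped.
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
VALUE_NAME = "PMedia"
EXE_PATH = r"C:\Program Files\Common Files\Media\winsrvc.exe"
# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_LINE = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z_]+) {4}(.*)$")

def normalize_command(data):
    """Reduce a Run-key command line to a lower-cased executable path."""
    data = data.strip()
    if data.startswith('"'):
        exe = data[1:].split('"', 1)[0]        # quoted: keep the text inside the quotes
    else:
        m = re.match(r"(?i).*?\.exe", data)    # unquoted: drop arguments after .exe
        exe = m.group(0) if m else data
    return ntpath.normcase(ntpath.normpath(exe.rstrip("\\")))

def parse_reg_query(text):
    """Yield (key, name, type, data) for every value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()                 # header line naming the current key
        elif key and (m := VALUE_LINE.match(line)):
            yield (key, *m.groups())

def find_friendgreet(text):
    """Return Run-key values matching the PMedia name or the winsrvc.exe path."""
    want, hits = normalize_command(EXE_PATH), []
    for key, name, _type, data in parse_reg_query(text):
        name_match = name.lower() == VALUE_NAME.lower()
        path_match = normalize_command(data) == want
        if key.lower() == RUN_KEY.lower() and (name_match or path_match):
            hits.append({"name": name, "name_match": name_match, "path_match": path_match})
    return hits

# Constructed sample output, not captured from a real machine.
SAMPLE = "\n".join([
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"    ExampleTray    REG_SZ    C:\Windows\exampletray.exe",
    "    PMedia    REG_SZ    C:\\Program Files\\Common Files\\Media\\winsrvc.exe\\",
    r'    Updater    REG_SZ    "c:\program files\common files\media\WINSRVC.EXE" /s',
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"    PMedia    REG_SZ    C:\Temp\other.exe",
])

print(find_friendgreet(SAMPLE))
```

A hit with `path_match` but not `name_match` means the same binary is registered under a different value name, so both fields are worth reporting.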

© 1992-2004 Eset s.r.o. All rights reserved. No part of this encyclopedia may be reproduced, transmitted or used in any other way in any other form or by any means without prior permission from Eset.