• From: "TheThin" <TheThin@xxxxxxxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Wed, 30 Oct 2002 14:49:33 -0500

Just an FYI, they also own friendgreeting.com, so if you're blocking
based on hostname then you need to hit that one, too.  I just sent a
message from that site to myself for testing, and below are some of the
headers and other info that you can look for in filtering software.  I
added the zzz to the domain name to prevent accidental usage.


Received: from doodle.freeyankee.com (unknown [])
        by hellmouth5.gatech.edu (Postfix) with ESMTP id A5AD41D19CE
        for <gte273i@xxxxxxxxxxxxxxxx>; Wed, 30 Oct 2002 14:42:53 -0500
        (envelope-from finsoft@xxxxxxxxxxxxxx)
Received: from finsoft by doodle.freeyankee.com with local (Exim 3.22 #1
        id 186yjr-0002Og-00
        for <gte273i@xxxxxxxxxxxxxxxx>; Wed, 30 Oct 2002 12:42:51 -0700
X-Mailer: Perl Powered Socket Mailer
Subject: jane, you have an E-Card from joe.

Greetings jane,
joe stopped by our website www.friendgreetings.com
and created a Virtual E-Card just for you! To pick up your
E-Card, simply click on the following link.
Your E-Card will remain on the server for about one week, so
please print it out or save it as soon as you can.

-----Original Message-----
From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]=20
Posted At: Wednesday, October 30, 2002 2:20 PM
Posted To: TheThin

From the Windows Magazine Security News Letter Block them now... JK


Have you ever received a Web-based greeting card from a friend or
relative? They're common these days, and they seem to be taken for
granted, in that people trust the intent of someone who might send them
a greeting card. People like to be greeted with kindness, so they're
inclined to look at and read the greeting card. It's one of the
feel-good things that many people simply can't resist.

Have you ever wondered why a company would spend its Internet resources
delivering free greeting cards on behalf of people with whom it conducts
no business otherwise? How does such an entity profit from those
endeavors? What might its motives be?

Last week, a user posted an interesting message to our HowTo for
Security mailing list regarding one company that delivers Web-based
greeting cards. That company, Permissioned Media, runs a Web site called
FriendGreetings.com, which lets one person send another person an
electronic greeting card. The friendly facilitation seems simple and
harmless, but it has a rather insidious side.

When you receive a greeting from FriendGreetings.com, the message says
that someone sent you the greeting and that to read it, you must click a
URL that takes you to the Web site hosting the greeting. When you click
the URL, you're prompted to install an ActiveX control before you view
the greeting. As the greeting-card recipient, you would probably assume
that you must install the ActiveX control to view the greeting; however,
that's not the case. Instead, FriendGreetings.com has designed the
ActiveX control, complete with an End User License Agreement (EULA), to
interact with your mail client software and harvest information about
your email contacts. After the ActiveX control obtains your private
contact list information, it sends a similar greeting card to everyone
in your contact list, probably unbeknownst to you!

If you took time to read the EULA from FriendGreetings.com, you'd
discover that the EULA clearly states Permissioned Media's intention to
do just that. A section of the EULA reads, "As part of the installation
process, Permissioned Media will access your Microsoft Outlook contacts
list and send an e-mail to persons on your contacts list inviting them
to download FriendGreetings or related products." By accepting the EULA
and installing the ActiveX control, you give the company permission to
perform that activity.

In essence, the greeting cards that FriendGreetings.com delivers
resemble many worms that travel the Internet: They're parasitic,
intrusive, devious, elusive, and most of all, probably unwanted. Even
some antivirus vendors issued warnings about the greeting card last
week. However, we can't completely blame FriendGreetings.com for its use
because, although the company counts on most users' acceptance of the
unread EULA, the EULA does spell out some of its intention. By agreeing
to the EULA, users agree to the ActiveX control activity. Nevertheless,
the lesson here should be obvious: When you encounter a EULA, don't take
anything for granted. Read it word for word to understand exactly what
you're accepting and think through what the consequences of acceptance
might be.

Permissioned Media bills itself as a "behavioral marketing network" with
more than 100 clients that advertise online. The company also operates
Cool-Downloads.com. You can read Permissioned Media's EULA at the URL
below. Take note that it grants the company "the right to add additional
features or functions to the version of PerMedia you install, or to add
new applications to PerMedia, at any time." Yikes!

If you've received a greeting card from FriendGreetings.com and
installed the associated ActiveX control, you might want to remove its
software from your system. To find out how, be sure to read the related
news article, "Protect Your Contact List: Read the EULA!" in this

And if you're a security administrator for your network, consider
blocking FriendGreetings.com to help ensure that none of your network
users inadvertently compromise private contact information by accepting
a greeting card from that Web site.
Visit Jim Kenzig of thethin.net at the
Emergent Online Booth #26 at Citrix Iforum 2002!
Register now at:
For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link.

Visit Jim Kenzig of thethin.net at the
Emergent Online Booth #26 at Citrix Iforum 2002!
Register now at:
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.


Other related posts: