“You’ve received a postcard from a family member!” Yeah, right!

What I actually received was the message below, with the above-quoted subject line.

It smelled fishy. I’ve gotten these greeting-card messages before, but they’ve always included the name of the person sending the message. If the site didn’t have the person’s name, then how would it know that it was a family member? And what’s with the Hong Kong URL — the same place that a lot of the “MyCanadianPharmacy” spam has been registered to?

Google reports that the term “notme.hk” was their tenth-most-common search term at its peak, which looks like it was about 9am today, Pacific Daylight time zone (it’s at #68 as I write this). Before about 6am this morning, it hadn’t even been seen on their charts. That looks like the fingerprint of a spam blizzard to me. There are only two good reasons I can see for this kind of thing: identifying what e-mail accounts are active (via the identification number provided in the message), or tricking people into going to a site that’s spreading malware. Or maybe both at the same time.

There are at least a couple of sites that look like blogs, but seem to just publish spam messages. I grabbed the identification number from one of these messages on those sites and used it to try to go to the site, to see what I could see. (I figured that Firefox with the NoScript extension, under Linux, should be safe enough even if it was malware.) No luck: “403 Forbidden, You don’t have permission to access / on this server.” I don’t know what it might have hosted earlier today.

This one is alarming. If it hadn’t mentioned “a family member” or had an obvious Hong Kong address, even I might have clicked the link before I thought about it — and I’m usually very good at spotting spam, virus, and phishing messages, if I do say so myself. All a malware author would need is a Trojan horse targeting an unpatched Windows XP flaw on that site and he could create a huge spam-spewing or DDoSing botnet in one go, or install keyloggers to harvest banking passwords and credit card numbers by the thousands.

I’ll say it again: be careful out there, folks. It’s getting more dangerous by the day.

Good day.

Your family member has sent you an ecard from notme.hk.

Send free ecards from notme.hk with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.

To view your ecard, choose from any of the following options:

-------- OPTION 1 --------

Click on the following Internet address or copy & paste it into your browser’s address box.

http://notme.hk/?[ID removed]

-------- OPTION 2 --------

Copy & paste the ecard number in the “View Your Card” box at http://notme.hk/

Your ecard number is [ID removed]

Best wishes,
Postmaster, notme.hk

*If you would like to send someone an ecard, you can do so at http://notme.hk/
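The two red flags discussed in the post (a greeting-card notice that names no sender, and a link whose only content is a per-recipient identification number) can be checked mechanically. The following is an added example, not part of the original post or of the message above; the function names, patterns, sample text and the `cards.example` domain are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the message quoted above. The domain is a
# reserved example name and the token is made up.
SAMPLE = """Subject: You've received a postcard from a family member!

Good day. Your family member has sent you an ecard from cards.example.
To view your ecard, click on the following Internet address:
http://cards.example/?a1b2c3d4e5f6a7b8c9d0
Your ecard number is a1b2c3d4e5f6a7b8c9d0
"""

URL_RE = re.compile(r"https?://\S+")
# Sender described only by relationship ("a family member"), never by name.
GENERIC_SENDER_RE = re.compile(
    r"\b(?:a|your)\s+(?:family member|friend|neighbou?r|colleague|classmate)\b",
    re.I)
# Assumed shape of a named sender: "from Jane Doe".
NAMED_SENDER_RE = re.compile(r"\bfrom\s+[A-Z][a-z]+\s+[A-Z][a-z]+\b")
TOKEN_RE = re.compile(r"[A-Za-z0-9]{12,}")

def tracking_tokens(text):
    """Return tokens used as a bare query string, e.g. http://host/?TOKEN."""
    tokens = []
    for url in URL_RE.findall(text):
        parts = urlsplit(url.rstrip(".,)"))
        if parts.path in ("", "/") and TOKEN_RE.fullmatch(parts.query):
            tokens.append(parts.query)
    return tokens

def score_ecard_notice(text):
    """Return indicator names; these are hints for triage, not a verdict."""
    flags = []
    if GENERIC_SENDER_RE.search(text) and not NAMED_SENDER_RE.search(text):
        flags.append("anonymous-sender")
    tokens = tracking_tokens(text)
    if tokens:
        # Any request carrying the token tells the server the address is live.
        flags.append("per-recipient-token-in-url")
    if any(text.count(t) > 1 for t in tokens):
        flags.append("token-repeated-in-body")
    return flags

if __name__ == "__main__":
    print(score_ecard_notice(SAMPLE))
```
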