IE 11 is not supported. For an optimal experience visit our site on another browser.

E-card trickery now in spyware, too

/ Source:

It looks like a romantic e-greeting card. “Hi love. I was thinking of how to make your day happier so I found this on the Net,” the card says, adorned with a fistful of electronic daisies. “I can’t wait to get home and give you a big strong KISS. ... Love, Brian.” But even as the recipient reads those words, Brian’s e-card is secretly installing spy software on her computer. Using e-cards to sneak software onto someone’s computer seems to be the latest fad, and in this case, it’s the latest trick in the escalating world of spouse-spying software.

IF YOU GET AN e-card, you might want to think twice before opening it. Twice recently, enterprising marketing firms have attempted to place pop-up advertisements on e-mail recipients’ computers by disguising their software as an electronic greeting card. And now, a third firm is making that tactic available to the general public — offering a computer spy software package that can be slipped onto an unwitting victim’s machine simply by sending them a greeting card.

Once installed, according to the “EMail PI” Web site, the software copies every e-mail, every instant message, in fact, every character typed by a subject, and sends them back to the spy.

“The mother of all spy programs,” the site claims, offering Brian’s e-card as a typical example. “The only software that lets you monitor your spouse simply by sending an e-card.”

That claim got the attention of Grey McKenzie, founder of SpyCop, software that’s designed to alert Net users if spy software has been installed on their systems.

“If people can think of a way to get on someone’s computer, they will do it,” McKenzie said. “They are using greeting cards because people are unaware that this stuff can be installed via a greeting card. It opens up a whole new ball of wax. ... It’s an instant nightmare.”

E-mails sent to EMail PI requesting interviews weren’t answered. domain registration information lists a San Diego address, but the telephone number listed there had been disconnected.


Loaded e-greeting cards seems to be the social engineering trick of choice lately. Two weeks ago, Canadian firm Cytron Communications LTD mass mailed a tool that quietly installed porn-promoting, pop-up ads on recipient’s computers. The spam mail took the form of a greeting card.

Company CEO Richard Oliver said his firm has stopped sending out the e-mails, and said he regretted using the tactic.

”(We) will never do it again,” he said in an e-mail interview. But he also said he regretted that another company copied his tactic and took it one step farther.

About a week ago, reports of a virus-like e-mail greeting card going by the name “” started trickling into antivirus firms. By Wednesday, there were a steady stream of complaints, and hundreds of “infections.” e-mails also contained a message telling recipients they had received an e-card; but when they clicked on the link to pick it up, they were asked to install special software. That software instantly accessed the recipient’s Outlook address book, and — much like the Melissa virus or the LoveBug — then sent copies of itself to everyone it found there.


All these fake e-cards are a nuisance to legitimate e-card firms, said Franklin Frink, general counsel of But so far, fake cards aren’t so prevalent that people are avoiding the real thing, he said.

Three years ago, before American Greeting Corp. acquired top e-card site, an e-mail hoax was spread widely claiming that cards contained a computer virus. BlueMountain had to beat back the rumor with a press release and a round of calls to the media.

“Obviously we don’t like when we see these kinds of things, but they really haven’t had any impact on our business,” Frink said.

He advised e-card recipients to use the normal care they do when opening up any e-mail. Most important, he said, Net users should be skeptical of anything that asks them to install new software.

“ will never send you attachments, downloads, plug-ins, or executables of any kind in our greeting notifications,” he said.


But such advise wouldn’t thwart Email PI, which installs secretly, and without asking the recipient any questions. McKenzie advises e-card recipients to check with senders before opening the cards, and at least verify that the cards are legitimate. But even that wouldn’t stop a determined spouse, who could lie about the e-card’s real intentions. Naturally, he suggested purchase of anti-spyware software like his as a technology solution.

Surreptitious installation of spy software isn’t new; but EMail PI claims its the first to hide the installation in a greeting card.

Richard Eaton, CEO of spy software firm WinWhatWhere, said that’s probably true. Instructions in WinWhatWhere recommend that users advise surveillance subjects that their computer activities will be watched before installing the software.

“They [EMail PI] are promoting the idea that you should send this off as an e-card, and that it’s OK to do that,” he said. “That’s just slimy. It boggles the mind.”