VCards
April 30, 2002 6:53 PM   Subscribe

VCards are sort of a viral(or maybe voyeuristic) greeting card. You send one to someone, and they are sent your note with some attachments. The recipient is asked to run one of them(a VB script), that decrypts the other files, which are three images randomly chosen from the hard drive of the person who sent it to them, and so on. Everything is explained up front, and full source is provided at the web page.
posted by Su (10 comments total)
 
Step04: Simultaneously, images are being harvested from the user's hard drive and mailed to the people in that user's address book.

note to self: disconnect drive mapping to porn before launching attachment...

I'd love to see one without using it (as if I could on a Mac.) I imagine that the images it usually gathers are probably pretty damn boring bits and pieces of application help files and other "clip art." Anyone who knows VB that can tell how intelligent the script is?
posted by machaus at 7:03 PM on April 30, 2002


A worm that works on the honor system. Super. Won't take long at all for somebody to add a slightly more destructive payload to this, and disguise it as this.
posted by swell at 7:27 PM on April 30, 2002


Right now, Internet users are suffering a massive attack by the klez worm. We are trying to train people not to launch attachments--even from people they know. Then these twits come along and encourage people to transmit and execute strange script content by email. This is not simply moronic. It is evil.
posted by chipr at 7:32 PM on April 30, 2002


Can't believe I forgot to post the actual message. Here goes:

Click the " vcards.vbs " attachment to view your card! One of your friends is giving you a voyeuristic glimpse of their personal images.
The images were randomly chosen and are totally uncensored! There is no telling what you will see!

Click the " vcards.vbs " file attachment to see the uncensored images, and send your own images out to the people in your address book!

+ + + + + + + + + + + + + + + + + + + + + + + +
Message from your friend:
***MESSGE GOES HERE***
+ + + + + + + + + + + + + + + + + + + + + + + +

If you are not interested? Just delete this email. VCards, Lets get with hot communications


Swell & Chipr: What's your point? There are plenty of viruses out there that require the person to run a script. It's usually achieved through deception. So it becomes a question of how much you trust you computer and/or your friends, no? Still no different.
If you're that paranoid, then don't run it. E-mail the person first and ask if they really sent the thing.
posted by Su at 7:34 PM on April 30, 2002


Also, the honor system worm idea has already been done, though I'm having a hell of a time finding the thing. It was created by someone who decided to play with the idea of computer security. When the thing infected your system, it would ask permission to encrypt the files on your hard drive, and actually did a pretty good job of it. If you refused, it wouldn't. Simple.
Anybody else heard of this, and know where it is? It's most likely that I saw it at Slashdot.
posted by Su at 7:40 PM on April 30, 2002


More info from antivirus.com. My VBS knowledge is somewhat limited, but I do see where they create the directory described in the solution.

The problem, IMO, is that the person who first sends it aims it at a particular friend, who is either a) clued in enough never to run a VBS attachment, or b) trusts it because it came from a friend, and seems like harmless fun. Admittedly, this is a bit unique in that it admits up front that it's sending to random files to everyone in that victim's address book. This is not harmless at all. Also, worms mutate as they land in the hands of someone more malicious than the original author. A couple lines of changes and ... something bad starts happening. Chipr's right, this is evil.
posted by swell at 7:56 PM on April 30, 2002


When the thing infected your system, it would ask permission to encrypt the files on your hard drive, and actually did a pretty good job of it.

You're thinking of the KOH virus. You can get some info on it here. I wanted to play with it a long time ago, but the only place I could find it was on some software site for ten bucks. Not only is it friendly its for sale. Go figure.
posted by skallas at 8:40 PM on April 30, 2002


Maybe this is like the lottery, an idiot tax.
But seriously, I spend about 2-3 hours of my day explaining things to my peers, installing / uninstalling / guiding friends who did things to their system that confounds me. Then someone thinks that it would be cute to do this and then releases it in the wild? Yeah thanks, I’ll pass. It is hard enough to deal with the malware and KaZaA instals.

< / rant>

posted by plemeljr at 8:45 PM on April 30, 2002


So it becomes a question of how much you trust you computer and/or your friends, no?
No, it becomes a question of how much you trust the author of the .vbs file. It's a clever idea, but I still won't be running any emailed vbs/exe files or Office docs with macros (setting Outlook/Outlook Express to use the Restricted zone and making sure that zone if locked down is also a good idea to stop scripting in emails).
That's not paranoia, it's common sense.
posted by malevolent at 11:33 PM on April 30, 2002


The VCard program has been added to McAfee's virus DAT file.

*giggle*
posted by Su at 3:11 AM on May 2, 2002


« Older Havening (sic) a lousy day?   |   Now we know why French was required in school :... Newer »


This thread has been archived and is closed to new comments