Greeting card 'virus' brings bad tidings

The FriendGreetings electronic greeting card, which has all the hallmarks of a mass-mailing computer virus and was first reported silicon.com (http://www.silicon.com/a56131), is raising the hackles of the internet community.

The email misleads a victim into downloading an application - ostensibly to view a web card - then sends itself to every email address in the victim's Outlook contacts file. At least a few systems administrators have complained in Usenet postings that the mass-mailing e-card was to blame for swamping their network.

Yet the creators - Permissioned Media, a company apparently based in Panama - will be hard to prosecute: the viral card is protected by a licence agreement that tricks unsuspecting users into clicking "Yes" and consenting to have the program send itself to all their email contacts, as we pointed out when the scam first appeared.

"They are deliberately trying to hide something in a wrapping that they know people won't read," said Vincent Gullotto, vice president of security company Network Associates' antivirus emergency response team.

Without the licence agreement, the program would be considered a virus, but with the code wrapped in what could be a prosecution-proof vest, Gullotto is careful to avoid the term. "The unofficial name we have for it is a fishy program," he said.

The power of a button-click to transform a virus into a legal - albeit questionable - program has some lawyers worried that future internet attackers could get protection using one of the software industry's best weapons: the click-wrap licence.

"This is a legal hack," said Jennifer Granick, a lawyer and clinical director for the Stanford University Centre for Internet and Society. "It really raises the problems of online licensing and contracting. Companies haven't wanted to admit (that problems exist), because they get to write the licences and it benefits them."

The viral e-card is just the latest example of questionable software. In April, Kazaa users inundated Brilliant Digital Entertainment with complaints when they discovered that the most recent version of the company's 3D ad technology software, which is bundled with the Kazaa file-sharing program, contained licensing terms that allowed the company to claim "unused computing power and space" on a person's PC.

Another program, Gator, which tracks users and tailors ads to them, had been roundly criticised by users and advertisers alike.

However, if protected by a properly crafted licence, such applications aren't actually doing anything that's legally considered wrong. In the precedent-setting case Specht et al. vs Netscape Communications, the court found that two tests must be satisfied for a licence to be binding: the user must be aware of the licence, and the user must be required to accept it in some way.

The licence included in Permissioned Media's FriendGreetings e-card passes both tests.

The viral eeb greeting card attracts users with an email masquerading as a message from an acquaintance and stating that an e-card awaits at a website, such as "Friendgreetings.com" or "Friend-card.com." The email contains a link that, when clicked, will begin to download the infectious program. A dialogue box says the program is necessary to view the e-card.

The installer requires that the user accept two end-user agreements that contain the following text, among other legalese: "As part of the installation process, Permissioned Media will access your MicroSoft(r) (sic) Outlook(r) Contacts list and send an email to persons on your Contacts list inviting them to download FriendGreetings or related products."

Many companies have already blocked access to Friendgreetings.com, but Permissioned Media has repeatedly changed the site's address and sent out a new batch of unsolicited email to users.

"It's getting sneakier," said Alex Shipp, senior antivirus technologist for UK-based email service provider MessageLabs. The latest iteration of the email - the fifth, said Shipp - caused a spike in the number of messages blocked by the company's anti-spam filter this past weekend.

Yet, the licence gave Shipp pause. "It's a very difficult call," he said. "It behaves exactly like a virus but because it has this disclaimer, some companies think they could get sued if they stop it like a virus."

Robert Lemos writes for News.com