Anti-virus companies attack 'Friendly Greeting'

The 'Friendly Greeting' e-card application may have asked users' permission to install, but it is still a worm, say security companies

The "Friend Greeting Application", which made headlines earlier this month by being the first Internet worm that actually asked the users of targeted systems for permission to install itself and propagate, has been officially reclassified by anti-virus companies as a worm.

Anti-virus software will now block the application by default, because it is deceptive and exhibits worm and Trojan-like behaviour.

Most users who "installed" the Friend Greeting Application when prompted didn't read the End User License Agreement (EULA) that came with it, which states that if a user installs the application it then has permission to email itself to everyone in that person's address book, hence spreading further.

The writers of the worm, Permissioned Media of Panama, were using the Friend Greeting Application as a mass marketing tool that posed as e-card software.

Allan Bell, a spokesman for Network Associates, who make McAfee anti-virus software, says that they need to protect their customers from applications like the friends worm. "The fact is that within corporations this is not the sort of thing that they want. The same goes for home users... It's tricking people," he said.

It is unclear what the reaction of Permissioned Media will be to this development: the company may argue that McAfee and other anti-virus companies are interfering with their business by blocking their software.

But as Bell explains, the anti-virus software in this instance is just being used as a tool to filter what is allowed to come in and go out of a protected computer. "There are plenty of tools out there which block pop up windows and ads on Web sites... all we're doing is providing our clients with an avenue for blocking content that they don't want."

Anti-virus software does in fact detect and block a great deal of legitimate software that may be used for non-legitimate purposes, such as hacking. TCP/IP utilities such as NetCat, and remote network applications such as VNC from AT&T Labs are among those detected by some anti-virus packages.

Bell has warned of an increased risk of "friends" type worms over the Christmas period. "Many users will receive e-cards over the Christmas period and often these want to install something or run a program. It is possible for users to get confused by the 'friends' programs and think they are like an e-card."

He says that the friends greeting application "...if anything is a reminder to avoid just clicking on things."

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.