A: Did you open www.123 or ww.123? The fake site is missing a W and opens to a different URL than originally intended. I have auto-update MSN Explorer (still too busy to check out the Mozilla browser I downloaded) I run Adaware SE, Spybot and Housecall from Trendmicro (it picked up bugs and worms the others ignored) It flashed red screen when I tried to open the site (it's also possible they have it set up so you are transferred to a different link, depending on which browser you use so they can weed out "inspectors") The flash image didn't play because there wasn't one there (my current MSN explorer tells me the URL of the link before I click on it) and the link to the "flash upgrade" was to a site someplace in Korea (I forwarded it to SANS so they may have had it shut down) From: Scott Frost <Huck@xxxxxxxxxxx> To: mail@xxxxxxxxxxxx Subject: Re: Warning! Don't open email christmas cards from 123greetings.com! This site when opened with the Mozilla browser I use, functions very normally, and gives me a lot of options for browsing and sending e cards which function exactly as it claims. Is it possible that you are still running Internet Explorer that has not had the latest Windows update applied to it? I have fixed many systems that acted as you said yours has and this has almost always been the cause of this reaction. All of those that did not have this as the underlying cause had a resident Trojan in the system, usually of the Trojan.Downloader variety. Flash is a very steady and time proven program for playing animations in emails and on web sites. I personally after years of trying programs to protect my system have found that AVG virus protection (Free), AdAware (Free), and Spybot (Free), all used together have given me excellent system protection, especially when used with the much less vulnerable web browser Mozilla instead of IE from Microsoft. Take care, frosty 2frosty computer consultants. Jim Blair wrote: > There is a fake email with a spoof of website that DOESN'T arrive with a >download attached. When you go to the site, take note of the URL because it >is FAKE! Http://ww.123greetings.com is NOT the real company! > If you do open the URL, the card can't be seen, but there is a link > below >it that says: "if you can't view this image (which no-one can because it is >fake) download the latest Flash player here". > DON'T do it! It will corrupt your computer! I tried to inform my local >news service, but they weren't interested yet, but this could be the worst >viral outbreak on the net if something isn't done quick!. >The URL was http://ww.123greetings.com/view/DBXXXXXXXXXXXXXX and when > >www71.123greetings.com opened instead, that's what tipped me off.