Virus Notifications

At work, I’ve been getting lots of Hallmark E-Cards. They include a file, postcard.zip, which extracts to postcard.exe. Of course, as soon as an address not owned by a real human got an e-card, I knew something was up, but since I was on Linux, I wasn’t terribly afraid of it infecting me.

NoVirusThanks.org describes it in more detail, but the short version is that, after you’re infected, it will e-mail itself around, presumably to people in your address book. (It also gives the virus’s creators control of your machine.)

When the mail is being sent, it identifies itself with the HELO string of hallmark.com. They went pretty far with this one, since few people would think to check the headers. (Though those that do probably wouldn’t be opening a .exe file e-mailed to them anyway.) The IP it uses to connect can’t be forged, though. And this is where my idea is born.

There ought to be a site out there that’s just a giant database of IPs that have sent viruses, what virus they sent, when, and what IPs reported it. It’d be nice for blacklists (it looks like the infected machine sends mail directly, instead of using your normal mailserver), but what I really would love is to see some high-volume sites (I’m looking at you, Google) display a “12 mailservers have reported your machine is infected with a virus in the past 24 hours” banner, along with a link that shows what virus(es) are reported, and help on reputable anti-virus solutions.

It’s a little creepy and big-brotherish, but it seems odd to me that I know a handful of IPs sending viruses, whereas the people who use those IPs probably have no idea. I have no way of contacting them, though, nor would an e-mail from some random guy saying “You have a virus” be that helpful.
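
The following Python example is added here and is not code from the original post: it pulls the claimed HELO name and the real connecting IP out of the Received line written by the receiving server, then tallies reports per IP the way the proposed database would. It assumes Postfix-style Received lines and a receiving server named mx.example.org; the sample message, its addresses and the ReportDB class are constructed for illustration.

```python
import re
from collections import defaultdict
from email import message_from_string

# Postfix-style trace line: from <HELO> (<reverse DNS> [<peer IP>]) by <MTA>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

# Constructed sample; hosts and addresses are placeholders from documentation ranges.
SAMPLE = """\
Received: from hallmark.com (unknown [203.0.113.45])
\tby mx.example.org (Postfix) with ESMTP id 4F2A1C0;
\tTue, 02 Jan 2007 10:15:00 -0500
Received: from mail.hallmark.com (mail.hallmark.com [198.51.100.7])
\tby relay.invalid with SMTP; Tue, 02 Jan 2007 10:14:00 -0500
Subject: You have received an e-card

(postcard.zip attached)
"""


def connecting_peer(raw_message, trusted_mta):
    """Return (helo, rdns, ip) from the Received line written by our own MTA.

    Lines added by other hosts are skipped: the sender can write anything there.
    """
    msg = message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(header.split()))  # unfold the header
        if m and m.group("by") == trusted_mta:
            return m.group("helo"), m.group("rdns"), m.group("ip")
    return None


def helo_is_unverified(helo, rdns):
    """True when the peer's reverse DNS does not back up the HELO name."""
    helo, rdns = helo.lower().rstrip("."), rdns.lower().rstrip(".")
    return not (rdns == helo or rdns.endswith("." + helo))


class ReportDB:
    """In-memory stand-in for the shared database: sender IP -> reports."""

    def __init__(self):
        self.reports = defaultdict(set)

    def report(self, sender_ip, reporter, virus):
        self.reports[sender_ip].add((reporter, virus))

    def reporter_count(self, sender_ip):
        return len({rep for rep, _ in self.reports.get(sender_ip, ())})
```

Reverse DNS is set by whoever controls the address block, so a matching name is a hint rather than proof. The peer IP is the one field in the line that the receiving server observed for itself.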
