Many governmental and civil service web sites call peoples’ attention to chain-letters based on the age-old pyramid scheme. The U.S. Postal Inspection Service gives this definition:

    A typical chain letter includes names and addresses of several individuals whom you may or may not know. You are instructed to send a certain amount of money–usually $5–to the person at the top of the list, and then eliminate that name and add yours to the bottom. You are then instructed to mail copies of the letter to a few more individuals who will hopefully repeat the entire process. The letter promises that if they follow the same procedure, your name will gradually move to the top of the list and you’ll receive money — lots of it.

These rip-off schemes reached the Internet a long time ago. Chain letters are now disseminated over the Internet. These rely on copying and e-mailing your contacts rather than the established paper method. Many antispam products are dedicated to intercepting them. Today, people dreaming of “making money fast” can easily find the software that claims to help them do just that by some efficient Internet searching.

These programs supposedly facilitate making secure payments. The below image shows the result of one of these programs (seemingly of French origin) - an e-mail spam attachment for worldwide distribution:


http://vil.nai.com/images/FPBLOG_01_04_07_B.jpg

The basic principle is as follows:

  • Via Paypal, somebody decided to enter the chain and send 5 Euros to the participant on the top of the list. His e-mail address is displayed when you run the software,
  • After payment, the recipient is supposed to send back a registration key that modifies the configuration by entering the details of the gullible caller at the fourth place and thus altering the list of previous participants,
  • Having done this, the updated file must be sent out to as many people as it is possible to entice more victims and gradually push the sender to the top of the list.

http://vil.nai.com/images/FPBLOG_01_04_07_A.jpg
Looking at this sample, I asked myself whether we should detect this file or not: it is not dangerous to the computer, it is not a malware nor an adware and the people sending the 5 Euros are acting on their own accord. My personal opinion was thus:

  • It is dishonest. And it is not only my opinion but the one mentioned by many government agencies,
  • Chain letter and pyramidal schemes are illegal in many countries,
  • It seems this program is of French origin and the French laws forbid these
    schemes (article L122-6),
  • It uses Paypal and Paypal forbids the use of their system for such activities.

To ultimately battle these types of programs we really need, as usual, to be suspicious whenever someone propose that you can get rich quick!!!

We detect this Potentially Unwanted Program as Scheme-Ultrate.