You Have 'Recieved' a Trojan
To recap: tell-tale signs are poor spelling, failure to identify the sender, and a link that isn't displayed or a link that points to an executable file. The biggest tip-off - the legitimate Hallmark e-card email is sent 'from' the sender's email address and not from Hallmark.com. To avoid being fooled, be suspicious if:
- The sender's address isn't a person you know, or is disguised generically as being from a greeting card company
- There are misspellings in the text of the email
- The link isn't displayed or the link points to an executable file
If you do receive an e-card that appears to be from someone you know, verify they intended to send it by calling or emailing the sender using a known good address (not the reply to address in the e-card).
And just what does this latest greeting card scam deliver? Like most others, it dishes up a variant of the Zapchast Trojan. Zapchast installs an Internet Relay (IRC) chat client and causes the infected computer to connect to an IRC channel. Attackers then use that connection to remotely command the machine. And you thought forgetting your birthday was bad.
I received an e-mail like this, but everything was spelled correctly. I wonder who I should forward it to for examination. :O
I also received one; I didn’t notice the spelling, but I did notice the bogus URL; in my case it was pointing to a file called “card.exe” on a server hosted in China.
Their attempts are improving. The one I received was spelled correctly, it offered 2 options for viewing with copy and paste options, and the URL used some long code rather than pointing to an EXE file. The biggest giveaway, of course, is that it didn’t include my name or the name of the “family member” who supposedly sent it. And the “From” address displayed “hallmark.com”, but real address was something very different.
The ones I keep getting point to a file with a .scr (screensaver) extension.
My email preview software shows me the real links in emails before I ever actually download. Very handy! http://www.firetrust.com – MailWasher Pro. (I am not affiliated with Firetrust.)
got one with an attached zip file containing the postcard.exe
Very useful information, thank you. I became suspicious for exactly the misspelling of “recieve” which, however, was only in the actual message, not in the “Re:” And the attached file was “postcard.zip”. Luckily, this increased my suspicion. Bona fide e-cards always tell you who the sender is, that was the third giveaway.
Got one that is a very convincing spoof, with Hallmark logo, graphics, etc. Only problem is the link points to an executable at a numerical IP address.
The school districts in our county got a rash of them this morning. They made it through an IronPort scanner. Our district’s email scanner (Guinevere) stopped them. These looked as if they really were from Hallmark. An infected file called “postcard.zip” was included, rather than a link.
Got 2 today with attachment of : postcard.zip
Easy way to tell they are fake is that the Hallmark info that is in the email is a picture, with no working hyperlinks. My Kaspersky software zapped it the second it arrived. Thanks Kaspersky!
I get about 10 a day but dont open them.
i before e
except after c
and when sounding like A as in neighbor and weigh
and in weekends and holidays
and all throughout may!
-brian regan
Rachel (or Brian), it’s probably best to read an article before posting comments to it. The ‘recieved’ is clearly explained.
Thank god for this, i always check the web incase these kind of things are viruses. As many people have said, received is spelt incorrectly, but only in the body of the e-mail, in the subject line it is correct.
I also wavered because of it pointing to a postcard.gif.exe – and it not knowing my name / the name of who it’s from.
Thanks again for this =]
I’ve got a bunch of these in the last two weeks with the header saying I “received a greeding e-card”. Wonder what that means. If anyone feels “greedy” I could forward the postcard.exe that comes with it