Wednesday, 25 February 2009

The Hallmark e-card virus - A Hoax?

Is The Hallmark e-card virus a Hoax?

There are various opinions on this subject, some caliming that it is a hoax, others that it is true. This blog only provides information from reputable sources. Below is an article on the subject from Web User, UK's best selling internet magazine.

Virus hidden in Hallmark e-card

"Surfers should beware of opening emails purporting to be from the popular card company Hallmark as they may carry a virus.

Security firm MessageLabs has intercepted emails from 25,000 IP addresses containing a new virus that arrives from the sender with the subject line, 'You've received a Hallmark E-Card!'

Along with the email there is an attachment entitled If opened a Trojan virus will attach itself to the hosts computer and recruit it for a botnet, a web of infected computers.

According to MessageLabs the emails were sent in bursts with a surge of the malicious emails detected on 23 July.

This latest bout of malware is a variation of the Storm botnet which popularised postcard/e-card attacks last year. Web User reported on a similar scam just last month.

"As long as recipients continue to fall for these old tricks, malware authors and spammers will continue to use them," according to Matt Sergeant of MessageLabs."

The following is what Hallmark themselves have to say on the subject.

"How to retrieve legitimate Hallmark e-cards and identify fradulent e-mails

Consumer security and the integrity of our brand are of great importance to Hallmark. Occasionally, we are made aware of fraudulent e-mails and other deceptive practices, such as the postcard virus currently circulating, which we take very seriously. While Hallmark's legal team addresses these concerns, we want our consumers to be aware of how to spot a fraudulent e-mail, which may contain major greeting card company names such as Hallmark.

These fraudulent e-mails do not originate from Hallmark. The Hallmark name has been used by a third party. All legitimate Hallmark e-cards can be retrieved at with the code provided. A legitimate Hallmark e-card will include the name of the sender, a confirmation number and does not include an attachment to download.

Additional Information

Downloading attachments in these fradulent e-mails could download a virus onto a computer that compromises personal data. Here are steps consumers can take to reduce the chances of this happening:

Delete the e-mail without opening it.

If you have opened it and want to forward it to us, send it to Due to the large amount of e-mail we receive at that address we will not be able to reply to your e-mail, but we will investigate. Then delete the e-mail from both your inbox and your sent folder. If you click on the link in the bogus e-mail, you will launch a Trojan virus. This virus installs an Internet Relay (IRC) chat client and causes the infected computer to connect to an IRC channel. Attackers then use that connection to remotely command your machine for the purpose gathering your personal information. An example of this virus is the Zapchast virus.

If you use Windows XP and Internet Explorer you should visit to update your browser and operating system. Then you will be less likely to be affected by the virus.

Report suspicious e-mail to your e-mail service provider so they can take action.

File a complaint at

If you are unsure if you’ve received a legitimate Hallmark E-Card, don't click on a link in the e-mail. Instead locate the EG number in the e-mail and use our E-Card pickup.

What Hallmark is doing:

Contacting the Internet providers identified as the source of the spam requesting that they shut down the imposters.

Working with Microsoft to include the virus code in their phishing filter to protect consumers who use their web browser and e-mail client software.

Working with anti-virus software corporations to get the virus code added to virus definition updates.

Reviewing Hallmark's E-Card notification and pickup procedures.

Educating consumers about how to avoid E-Card abuse.

How to tell if a Hallmark E-Card notification is real:

Hallmark e-card e-mails do not include any attachments. To be safe if you receive an e-card notification with an attachement delete it immediately, then empty your "trash" or "deleted e-mails" from your email client.

The sender's first name and last name will appear in the subject line. If you do not recognize the name of the person sending the E-Card, do not click on any links in the e-mail. Delete the e-mail.

The notification will include a link to the E-Card on as well as a URL that can be pasted into a browser.

The URL will begin with followed by characters that identify the individual E-Card. Hover your mouse over the words "click here" in your e-mail. If you do not see the URL above, it is not a legitimate Hallmark E-Card.

Hallmark E-Cards are not downloaded and they are not .exe files.

In addition, will never require an E-Card recipient to enter a user name or password nor any other personal information to retrieve an E-Card.

If you are unsure if you’ve received a legitimate Hallmark E-Card, don't click on a link in the e-mail. Instead locate the EG number in the e-mail. Then go to, click on the "Cards & E-Cards tab," and then on "Pick Up an E-Card" link from the dropdown menu and enter the EG number to retrieve your card.

E-mail Safety Tips:

Don’t open e-mails you know are spam. A code embedded in spam advertises that you opened the e-mail and confirms your address is valid, which in turn can generate more spam.

Don't open e-mails from unknown senders.

Don’t open attachments in e-mails unless you are expecting to receive one. If you receive an attachment that you are not expecting, even if it’s from someone you know, first read the e-mail and make sure the attachment is legitimate. If you’re still not sure, call or e-mail the sender to confirm, but do not reply to the original e-mail.

Don't click on links in e-mails that appear to be from financial companies (PayPal, banks, credit card companies, etc.) that direct you to verify or confirm account details. Instead, call the company if you are concerned about your account."