Tuesday, November 20, 2007

Email Virus alert: Zapchast Trojan Virus in Hallmark E-Cards

With the holiday season fast approaching spammer reprobates are at it again. As I was perusing tonight, I noticed the following alert regarding the latest attempt to infect your computer with the Zapchast Trojan Virus via Hallmark E-Cards. Hallmark recommends the following:

E-Card Fraud Alert

A fraudulent e-mail flooding the Internet claims to have a link to an E-Card from a family member, friend or neighbor and uses major greeting card company names such as Hallmark. Clicking on the link downloads a virus onto your computer that compromises personal data.

What you can do:

1. Report suspicious e-mail to your e-mail service provider so they can take action.

2. File a complaint at

3. Forward the suspicious e-mails to (Due to the large amount of e-mail we receive at that address we will not be able to reply to your e-mail, but we will investigate.)

Then you should delete the e-mail.

If you are unsure if you've received a legitimate Hallmark E-Card, don't click on a link in the e-mail. Instead use our E-Card pickup.

If you do click on the link in the bogus e-mail, you will launch a variant of the Zapchast Trojan virus. Zapchast installs an Internet Relay (IRC) chat client and causes the infected computer to connect to an IRC channel. Attackers then use that connection to remotely command your machine.

What Hallmark is doing:

1. Contacting the Internet providers identified as the source of the spam requesting that they shut down the imposters.

2. Working with Microsoft to include the virus code in their phishing filter to protect consumers who use their web browser and e-mail client software.

3. Working with anti-virus software corporations to get the virus code added to virus definition updates.

4. Reviewing Hallmark's E-Card notification and pickup procedures.

5. Educating consumers about how to avoid E-Card abuse.

How to tell if a Hallmark E-Card notification is real:

1. The subject line of legitimate E-Card notifications from Hallmark will say, "A Hallmark E-Card from (name of the sender)" not a generic term like "friend," "neighbor" or "family member.

2. The e-mail notification will come from the sender's e-mail address, not

3. The notification will include a link to the E-Card on as well as a URL that can be pasted into a browser.

4. The URL will begin with followed by characters that identify the individual E-Card. Hover your mouse over the words "click here" in your e-mail. If you do not see the URL above, it is not a legitimate Hallmark E-Card.

5. Hallmark E-Cards are not downloaded and they are not .exe files.

6. In addition, will never require an E-Card recipient to enter a user name or password nor any other personal information to retrieve an E-Card.

E-mail Safety Tips:

1. Do not open e-mails from unknown senders.

2. Don't open an e-mail you know to be spam. A code embedded in spam advertises that you opened the e-mail and confirms your address is valid, which in turn can generate more spam.

3. If you receive an attachment that you are not expecting, don't open it, even if it's from someone you know. First read the e-mail, and make sure the attachment is most likely legitimate. If you're still not sure, call or e-mail the sender to confirm, but do not reply to the original e-mail.

4. Some fraudulent e-mails that appear to be from financial companies (PayPal, banks, credit card companies, etc.) direct the reader to click on a link to verify or confirm account details. Never click these links. Instead, call the company if you are concerned about your account.

Hallmark gives some very good advice, that we all should follow. I've received (recently) a spate of emails from PayPal, Ebay and even the IRS, none of which were legit.

So the miscreants are on the hunt, once more, and during a time we might all be a little less vigilant than we should.


Pilgrim said...

Thanks for the heads up.

Karen said...

If I don't say it later, Happy Thanksgiving to you, Incog!

Debbie said...

Great advice. I have used Norton and also Symantic, but on my current computer I have Trend Micro PC-cillin Internet Security. It beats all others in my opinion.

Hallmark cards, nothing is safe these days.

Have a wonderful Thanksgiving my friends.

Pat Jenkins said...

nothing says happy holidays like an infected hallmark card...

WomanHonorThyself said...

what a shame Incog..sigh..Happy Thanksgiving..almost time to eat and count blessings! :)

Anonymous said...

Too late, I clicked on this one, thought it looked genuine. Downloaded some file which was 1mb and its in windows in the hidden files somewhere. Norton is scanning windows folders but doesn't seem to be picking it up.

At the end of download there was a jpg saying in what appeared to be Polish that I am an idiot.

Incognito said...

ANON: So sorry! Best bet is to NEVER open any attachments, unless you are absolutely sure they are from someone you know. Even email addresses can be spoofed so that you think they are from friends. if it looks interesting I email the friend and ask if they sent the email, if not, it gets trashed.

good luck.