16 August 2007

SPAM disguised as Hallmark card

The e-mail claims that a classmate has sent you an e-card and all you have to do is click on the IP address link to see it. There is even a (FAKE) copyright notice from "hallmark.com" at the end of the e-mail. DO NOT DO THIS - DO NOT CLICK THAT LINK - YOU WILL BE SORRY IF YOU DO!

This e-mail is not from Hallmark. First, the sending address [bishop at shtel.net.cn] ends in .cn and, according to Wikipedia, ".cn is the country code top-level domain (ccTLD) for the People's Republic of China." Hallmark is of course based in the United States, not China. (Why is it that the PRC Government can censor the Internet in China but can't seem to prevent the sending of SPAM?) Hallmark also explains what will happen if you click the link, and it ain't pretty.

If you are unsure if you’ve received a legitimate Hallmark E-Card, don't click on a link in the e-mail. Instead use our E-Card pickup.

If you do click on the link in the bogus e-mail, you will launch a variant of the Zapchast Trojan virus. Zapchast installs an Internet Relay (IRC) chat client and causes the infected computer to connect to an IRC channel. Attackers then use that connection to remotely command your machine.

More from Hallmark.com

How to tell if a Hallmark E-Card notification is real:
  1. A legitimate Hallmark e-mail notification will come from the sender’s e-mail address, not Hallmark.com.

  2. The notification will include a link to the E-Card on Hallmark.com as well as a URL that can be pasted into a browser.

  3. The URL will begin with http://hallmark.com/ followed by characters that identify the individual E-Card. Hover your mouse over the words "click here" in your e-mail. If you do not see the URL above, it is not a legitimate Hallmark E-Card.
    Hallmark E-Cards are not downloaded and they are not .exe files.

  4. In addition, Hallmark.com will never require an E-Card recipient to enter a user name or password nor any other personal information to retrieve an E-Card.
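
The checklist above, applied mechanically to the links in an HTML message body (an added example, not code from the original post or from Hallmark). It flags link targets that are a bare IP address, are not hallmark.com, or end in .exe; comparing the visible link text with the real target goes slightly beyond the checklist. The function names and the sample message are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit
LEGIT_HOST = "hallmark.com"  # checklist item 3: URL begins with http://hallmark.com/

class LinkCollector(HTMLParser):  # gathers [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def host_of(url):  # lower-cased host without "www.", or "" if unparseable
    try:
        return (urlsplit(url).hostname or "").lower().removeprefix("www.")
    except ValueError:
        return ""

def check_link(href, text):  # reasons the link fails the checklist ([] = passes)
    reasons, host = [], host_of(href)
    try:
        ipaddress.ip_address(host)
        reasons.append("target is a bare IP address")
    except ValueError:
        if host != LEGIT_HOST:
            reasons.append("target is not hallmark.com")
    if href.split("#")[0].split("?")[0].lower().endswith(".exe"):
        reasons.append("target is an .exe download")
    # Beyond the checklist: link text that names one host while the href goes to another.
    shown = host_of(text if "://" in text else "//" + text)
    if "." in shown and shown != host:
        reasons.append("visible text names a different host than the href")
    return reasons

def audit_email(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    return {href: check_link(href, text.strip()) for href, text in parser.links}

# Constructed sample, not the original message; 192.0.2.10 is a documentation address.
SAMPLE = ('<a href="http://192.0.2.10/card.exe">www.hallmark.com/ecard</a>'
          '<a href="http://hallmark.com/ABC123">click here</a>')
```

Calling `audit_email(SAMPLE)` returns a dictionary mapping each link target to the list of checklist items it fails; an empty list means the link passed.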

I did some WhoIs research both on the domain of the sending e-mail address and on the IP address linked in the e-mail.

WhoIs shtel.net.cn?

WHOIS information for: shtel.net:
[whois.paycenter.com.cn]

Domain Name:shtel.net

Registrant:
shanghai global network Co.,Ltd.
F4,No1465,west beijing Rd.,shanghai
200040

Administrative Contact:
yang jiahui
shanghai global network Co.,Ltd.
F4,No1465,west beijing Rd.,shanghai
shanghai Shanghai 200040
China
tel: 86 21 62581890
fax: 86 21 52120339
domain@81890.net

Technical Contact:
Helen zhang
Shanghai Global Network Co.,Ltd.
F4,No.1465,West beijing Rd,Shanghai,China
Shanghai Shanghai 200040
China
tel: 86 21 62581890
fax: 86 21 52120339
domain@shtel.net.cn

Billing Contact:
Helen zhang
Shanghai Global Network Co.,Ltd.
F4,No.1465,West beijing Rd,Shanghai,China
Shanghai Shanghai 200040
China
tel: 86 21 62581890
fax: 86 21 52120339
domain@shtel.net.cn

Registration Date: 2002-12-03
Update Date: 2002-12-03
Expiration Date: 2008-12-03

Primary DNS: ns1.81890.net 210.74.224.1
Secondary DNS: ns2.81890.net 210.74.224.2

WhoIs 123.112.107.217?

Search results for: 123.112.107.217
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

ReferralServer: whois://whois.apnic.net

NetRange: 123.0.0.0 - 123.255.255.255
CIDR: 123.0.0.0/8
NetName: APNIC-123
NetHandle: NET-123-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: NS.LACNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS-SEC.RIPE.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
RegDate: 2006-01-06
Updated: 2006-01-10

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: search-apnic-not-arin@apnic.net

Yep, this e-mail is definitely not from Hallmark.

1 Comments:

Blogger C. said...

OMG, I hate the spammers so much! My gmail acc has daily as many as 500 spam mails! Fortunately it has a good filter, in spite of Live Mail.

Have a good week

02:32  
