Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
News
Security News Archives
2008
July
Security Alert - Virus Emails - You've received A Hallmark E-Card!
Security Alert - Fraud Emails - ITC UPDATE FOR THIS MONTH FOR NEW ACCOUNT!!!
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Education & Outreach
Support & Repair
Information Security Office (ISO)

Security Alert: Virus Emails - You've received A Hallmark E-Card!

Who: Everyone

What:  Virus Emails - You've received A Hallmark E-Card!

When:  July 23, 2008

How:
Virus Emails - You've received A Hallmark E-Card! Virus emails have recently been sent to Carnegie Mellon email accounts claiming to be from "postcards@hallmark.com".  The messages include a postcards.zip or similarly named attachment. PLEASE DO NOT OPEN THE ATTACHMENT!

A sample of the virus message follows:

From: postcards@hallmark.com
Sent: Wed, July 23, 2008 10:22 am
Subject: You've received A Hallmark E-Card!

You have recieved A Hallmark E-Card. Hello!

You have recieved a Hallmark E-Card from your friend.

To see it, check the attachment.

There's something special about that E-Card feeling. We invite you to make a friend's day and send one.

Hope to see you soon,
Your friends at Hallmark

Your privacy is our priority. Click the "Privacy and Security" link at the bottom of this E-mail to view our policy. Hallmark.com | Privacy & Security | Customer Service | Store Locator

What You Need To Do:
If you suspect your computer has already been compromised, STOP! Read and follow Responding to a Compromised Computer.

If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making any system changes.

Follow the detailed steps below:

  1. If you opened the attachment, your machine is likely infected and will need to be cleaned via the following:
    1. If you do not have Symantec AntiVirus installed or have problems with these directions, contact your departmental computing administrator or the Computing Servics Help Center at x8-HELP(4357) or send email to advisor@andrew.cmu.edu.
    2. If your wireless connection was suspended, plug into a wired connection to access FirstConnect (no registration required.)  If your wired connection was suspended, you can still access FirstConnect while suspended on wired.  FirstConnect will allow you to download files from Symantec's website while suspended or unregistered.
    3. Download and save the following file to your Desktop: Symantec AntiVirus Rapid Release Definitions (symrapidreleasedefsx86.exe)
    4. Locate and run symrapidreleasedefsx86.exe or symrapidreleasedefsx86 to upgrade your Symantec AntiVirus definitions.  Wait for it to complete.
    5. Turn off System Restore using these Symantec directions.
    6. Perform a full virus scan of your computer:
      1. Launch Symantec AntiVirus.
      2. From the Scan menu, select Full Scan.
      3. Press the Scan button in the lower right corner.
      4. Wait for the scan to complete and clean the infection.
    7. Turn on System Restore using these Symantec directions.
    8. If your computer was suspended, follow the instructions in the suspension email to request restoration.
  2. If you received or opened the message and did not open the attachment, enable spam filtering and delete the message.
    See Enable Spam Filter Using Portal

  3. Secure Your Computer***
    Mac instructions
    Windows Vista instructions
    Windows XP instructions

Contact:
Please direct any questions or comments to the Computing Services Help Center at x8-HELP (4357) or advisor@andrew.cmu.edu, or to your departmental administrator or DSP consultant.