Sophos reported that it has intercepted hundreds of the messages, which contain the subject line 'You have received a postcard!'.
Part of the body text reads as follows: 'Hello friend! You have just received a postcard from someone who cares about you! If you'd like to see the rest of the message click here to receive your animated postcard!'.
Users who follow the web link are taken to a downloadable executable file (postcard.exe) designed to allow remote hackers to gain access to the infected Windows computer.
"Despite the text's ambiguity and poor spelling, the lack of an attached file means that some recipients may believe the email to be harmless," said Graham Cluley, senior technology consultant at Sophos.
"In fact, this is how more and more malicious attacks operate today, using a mixture of email and the web to deliver a dangerous payload to the desktop."
Spam e-card hides Trojan sting in its tail
By Robert Jaques on May 2, 2007 11:40AM
Computer users have been warned of a spam campaign that poses as an electronic postcard in an attempt to lure the unwary into downloading a web-based Trojan.
Got a news tip for our journalists? Share it with us anonymously here.