Sophos reported that it has intercepted hundreds of the messages, which contain the subject line 'You have received a postcard!'.
Part of the body text reads as follows: 'Hello friend! You have just received a postcard from someone who cares about you! If you'd like to see the rest of the message click here to receive your animated postcard!'.
Users who follow the web link are taken to a downloadable executable file (postcard.exe) designed to allow remote hackers to gain access to the infected Windows computer.
"Despite the text's ambiguity and poor spelling, the lack of an attached file means that some recipients may believe the email to be harmless," said Graham Cluley, senior technology consultant at Sophos.
"In fact, this is how more and more malicious attacks operate today, using a mixture of email and the web to deliver a dangerous payload to the desktop."
Spam e-card hides Trojan sting in its tail
By
Robert Jaques
on
May 2, 2007 11:40AM

Computer users have been warned of a spam campaign that poses as an electronic postcard in an attempt to lure the unwary into downloading a web-based Trojan.
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see