
Part of the body text reads as follows: 'Hello friend! You have just received a postcard from someone who cares about you! If you'd like to see the rest of the message click here to receive your animated postcard!'.
Users who follow the web link are taken to a downloadable executable file (postcard.exe) designed to allow remote hackers to gain access to the infected Windows computer.
"Despite the text's ambiguity and poor spelling, the lack of an attached file means that some recipients may believe the email to be harmless," said Graham Cluley, senior technology consultant at Sophos.
"In fact, this is how more and more malicious attacks operate today, using a mixture of email and the web to deliver a dangerous payload to the desktop."