Virtual postcard spam delivers malware surprise, Sophos reports

June 28, 2005 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centers, have warned of a spam campaign that poses as a virtual postcard delivery but is really an attempt to lure innocent computer users into being infected by a Trojan horse.

[Image: an example of the email. The email claims that you have a virtual postcard waiting for you.]

Windows users who follow the web link visit a website which exploits vulnerabilities in Microsoft's software and installs the Clsldr-D Trojan horse onto their computer alongside other malicious code (Troj/Delf-KP, Troj/Lofler-A, Troj/Siggy-A, Troj/Webdrop-A, Troj/Small-EM, and Troj/Divo-A). Troj/Divo-A is a phishing Trojan which grabs personal details as compromised users log into online banks.

Sophos experts have intercepted hundreds of the spam messages, which are being sent using a variety of different domain names as disguises. Computer users are urged to ensure that their anti-virus software is up to date and that they are patched against the latest Microsoft security vulnerabilities, and to always be cautious of unsolicited emails.

"Because this email doesn't arrive with an attached file, some may believe it is harmless. But just visiting the web link on an unprotected computer puts it at risk of infection," said Graham Cluley, senior technology consultant for Sophos. "The message is simple - don't trust everything you read on the internet, and ensure you are not putting your computer and its data in danger."

"There's a very real risk that some people will think one of these emails is from a long-forgotten friend or work colleague and follow the link out of curiosity," continued Cluley. "If you receive an unexpected virtual postcard it may prove wise to simply delete it."

Sophos recommends companies automatically update their corporate virus protection, and filter attachments which may contain malicious code at the email gateway with a consolidated solution to defend against viruses, spyware and spam.