Sophos, a world leader in IT security and control, has warned
computer users to be wary of unsolicited emails and defend their
web gateways, following a spam campaign that poses as an electronic
postcard, but is really an attempt to lure the unwary into being
infected by a web-based Trojan horse.
Emails seen by experts at SophosLabsâ„¢, Sophos's global
network of virus and spam analysis centers, have the subject line
"You have received a postcard !". Part of the email reads as
follows:
Hello friend !
You have just received a postcard from someone who cares about
you!
This is a part of the message:
"Hi there! It has been a long time since I haven't heared about
you!
I've just found out about this service from Pussy, a friend of
mine who also told me that..."
If you'd like to see the rest of the message click here to
receive your animated postcard!
The email claims that you have an electronic
postcard waiting for you.
Users who follow the web link are taken to a downloadable
executable file (postcard.exe). The file is detected proactively by
Sophos products as Mal/Zapchas-A and is
designed to allow remote hackers to gain access to the infected
Windows computer.
Sophos experts have intercepted hundreds of the spam messages
being sent, and urges computer users to ensure their anti-virus
software is up-to-date, that they are patched against the latest
Microsoft security vulnerabilities, and to always be cautious of
unsolicited emails.
"Because this email doesn't arrive with an attached file, some
may be fooled in to believing it is harmless. But in fact, this is
how more and more malicious attacks operate today - using a mixture
of email and the web to deliver a dangerous payload to the
desktop," said Graham
Cluley, senior technology consultant for Sophos. "Companies
need to defend their workers with a comprehensive web gateway
security as well as protecting their desktops and servers."
Last week, Sophos published research
revealing the rise of web-based malware in the first three months
of 2007. With computer users becoming increasingly aware of how to
protect against email-aware viruses and malware, hackers have
turned to the web as their preferred vector of attack.
Sophos products have been proactively protecting against the
Mal/Zapchas-A malware since 13 February 2007, but customers of
other vendors' products may need to update their protection.
Sophos recommends companies automatically update their corporate
virus protection, and defend their users with a consolidated solution to defend against the
threats of viruses, spyware, hackers and spam.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.