Sophos, a world leader in IT security and control, has warned
computer users that an estimated 9 million malicious ecard spam
messages have been sent across the internet in the past 48
Over the past few weeks, Sophos has detected a resurgence in
ecard spam designed to infect recipients' computers. Within the
last 48 hours alone, SophosLabs™
notes that malicious ecard spam designed to infect users with the
Trojan horse accounts for 6.3% of all spam seen in its global
network of spam traps.
The campaigns use social engineering as a way of suggesting a
friend or relative has created an electronic greeting card just for
you. The emails claim that the card can be viewed just by visiting
the link included in the spam message. However, there is nothing
heartwarming about this scam. Visiting the link will result in your
PC becoming infected by the JSEcard Trojan horse and will expose
the computer to further threats.
Unsolicited emails claiming to link to ecards
can direct unwary users to malware instead.
Interestingly, the malware that hackers are using to try and
infect innocent computer users is from the same families of malware
used in the waves of Storm
Trojan that wreaked havoc on the internet earlier this
"With more than six percent of all spam related to an ecard
attack, people should be suspicious of any electronic greeting that
arrives in their inbox unexpectedly. The hackers are using the
dangling carrot of an ecard to entice recipients into clicking on a
dangerous link," said Ron O'Brien, senior security analyst at
Sophos. "Maybe it would be better if people used old fashioned
letters and stamps to send their good wishes if ecards are going to
increasingly become a method for spreading electronic attacks."
Sophos products have been proactively defending against the
Troj/JSEcard-A malware since 29 June 2007, but customers of other
vendors' products may need to update their protection.
"Sophos's proactive protection meant that our millions of users
won't be infected by this latest attack," explained O'Brien.
"Sophos recommends that everyone on the internet thinks of safety
first when they use email, or risk putting their data and finances
Last month, Sophos published
research revealing the rise of web-based malware in the first half
of 2007. With computer users becoming increasingly aware of how to
protect against email-aware viruses and malware, hackers have
turned to the web as their preferred vector of attack.
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend
against the threats of spam, hackers, spyware and viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.