Virtual Postcard Spam Delivers Malware Surprise

Experts at SophosLabs, Sophos’s global network of virus and spam analysis centres, are warning of a spam campaign that claims recipients have a virtual postcard waiting for them, but is really an attempt to lure innocent computer users into being infected by a Trojan horse.

Windows users who follow the web link visit a website which exploits vulnerabilities in Microsoft’s software and installs the Clsldr-D Trojan horse onto their computer alongside other malicious code, including Divo-A, a phishing Trojan which grabs personal details as compromised users log into online banks.

Sophos experts have intercepted hundreds of the spam messages being sent using a variety of different domain names as disguises. Computer users are urged to ensure their anti-virus software is up-to-date, that they are patched against the latest Microsoft security vulnerabilities, and to always be cautious of unsolicited emails.

“Because this email doesn’t arrive with an attached file, some may believe it is harmless. But just visiting the web link on an unprotected computer puts it at risk of infection,” said Graham Cluley, senior technology consultant for Sophos. “The message is simple – don’t trust everything you read on the internet, and ensure you are not putting your computer and its data in danger.”

“There’s a very real risk that some people will think one of these emails is from a long forgotten friend or work colleague and follow the link out of curiosity,” continued Cluley. “If you receive an unexpected virtual postcard it may prove wise to simply delete it.”

Sophos recommends that companies automatically update their corporate virus protection, and filter attachments which may contain malicious code at the email gateway with a consolidated solution to defend against viruses and spam.

For further information on the Trojan horses, and to see what the virtual postcard emails look like, please visit www.sophos.com/virusinfo/articles/postcards.html