Trojan horse spreads via mix of email and web

Sophos is warning computer users to be wary of unsolicited emails and defend their web gateways, following the discovery of a spam campaign that poses as an electronic postcard, but is really an attempt to lure the unwary into being infected by a web-based Trojan horse.

Sophos has intercepted hundreds of the spam messages being sent, which contain the subject line ‘You have received a postcard !’. Part of the body text reads as follows:

‘Hello friend !
You have just received a postcard from someone who cares about you!

If you’d like to see the rest of the message click here to receive your animated postcard!’

Users who follow the web link are taken to a downloadable executable file (postcard.exe). The file is detected proactively by Sophos products as Zapchas-A and is designed to allow remote hackers to gain access to the infected Windows computer.