Government Technology

Trojan Horse E-card Exploits American Patriotism



July 5, 2007

Cyber security experts are warning of a widespread e-mail spam campaign that poses as a 4th of July greeting card but is really an attempt to lure innocent computer users into infecting their machines with a Trojan horse, opening them to attack by hackers.

The e-mails, which are being seen in inboxes worldwide, claim that the recipient has been sent an e-card greeting by a friend and tell the user to click on a link to view the card.

Subject lines used in the malicious spam campaign include:

  • 4th Of July Celebration
  • American Pride, On The 4th
  • America's 231st Birthday
  • Americas B-Day
  • America the Beautiful
  • Celebrate Your Independence
  • Celebrate Your Nation
  • Fireworks on The 4th
  • Fourth of July Party
  • God Bless America
  • Happy 4th of July
  • Happy B-Day USA
  • Happy Birthday America
  • Happy Fourth of July
  • Independence Day At The Park
  • Independence Day Celebration
  • Independence Day Party
  • July 4th B-B-Q Party
  • July 4th Family Day
  • July 4th Fireworks Show
  • Your Nations Birthday

Clicking on the link contained inside the e-mail, which is in the form of a numeric IP address, takes surfers to a compromised zombie computer hosting the Troj/JSE-card-A Trojan horse. The Trojan horse then tries to download additional code from the internet, which Sophos detects as Mal/Dorf-C.

"Cyber criminals have no qualms about taking advantage of celebrations like 4th July to infect innocent people's computers, and potentially steal their identities. This isn't just an American problem -- these kind of attacks strike around the world, and are designed to abuse PCs around the globe," said Graham Cluley, senior technology consultant at Sophos. "People regularly send e-greetings to friends and colleagues, so it is important that everyone is on their guard against these kind of attacks and ensures their computers are properly defended."

"Rather than being sent to a real e-card website when you click on the link you are visiting someone else's compromised computer which is hosting malicious code designed to infect your Windows PC. It is these same computers, based all around the world, which are spewing out spam," continued Cluley. "Web links which use IP addresses are a set of four numbers in the format xxx.xxx.xxx.xxx. A real e-card company is unlikely to send you e-mails which use links like that, so that should set alarm bells ringing instantly."
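The warning sign described above, a link whose host is a bare IP address rather than a site name, can be checked automatically during mail triage. The following Python is an added example, not code from Sophos or from this article; the function names, the two sample messages and the documentation-range address 192.0.2.45 are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# A few of the subject lines listed in the article, lower-cased for comparison.
CAMPAIGN_SUBJECTS = {
    "happy 4th of july", "america's 231st birthday", "god bless america",
    "independence day party", "july 4th fireworks show",
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def ip_literal_links(text):
    """Return URLs in text whose host is a numeric IP address, not a name."""
    hits = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
            ipaddress.ip_address(host.rstrip("."))
        except ValueError:  # host is a DNS name, or the URL is malformed
            continue
        hits.append(url)
    return hits

def triage(raw_message):
    """Report the two indicators the article describes for one raw e-mail."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    links = ip_literal_links(text)
    return {
        "subject_match": subject in CAMPAIGN_SUBJECTS,
        "ip_links": links,
        "suspicious": bool(links),  # the link form alone is the alarm bell
    }

# Constructed samples; 192.0.2.0/24 is a reserved documentation range.
LURE = (
    "From: greetings@example.com\nSubject: Happy 4th of July\n\n"
    "A friend has sent you an e-card. View it: http://192.0.2.45/\n"
)
BENIGN = (
    "From: cards@example.com\nSubject: Lunch on Friday?\n\n"
    "Menu is at https://cards.example.com/menu?id=7 if you want a look.\n"
)

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, triage(raw))
```

The subject list changes from campaign to campaign, so the example treats a subject match as supporting evidence only and flags a message on the IP-literal link alone.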


You may use or reference this story with attribution and a link to
http://www.govtech.com/security/Trojan-Horse-E-card-Exploits-American-Patriotism.html

