Computer users should be wary of unsolicited e-mails and defend their Web gateways, following a spam campaign that poses as an electronic postcard, but is really an attempt to lure the unwary into being infected by a Web-based Trojan horse. E-mails seen by experts at Sophos have the subject line "You have received a postcard!"
Users who follow the Web link are taken to a downloadable executable file (postcard.exe). The file is detected proactively as Mal/Zapchas-A and is designed to allow remote hackers to gain access to the infected Windows computer.
Experts have intercepted hundreds of the spam messages being sent, and urges computer users to ensure their anti-virus software is up-to-date, that they are patched against the latest Microsoft security vulnerabilities, and to always be cautious of unsolicited e-mails.
"Because this e-mail doesn't arrive with an attached file, some may be fooled in to believing it is harmless. But in fact, this is how more and more malicious attacks operate today -- using a mixture of e-mail and the Web to deliver a dangerous payload to the desktop," said Graham Cluley, senior technology consultant for Sophos. "Companies need to defend their workers with a comprehensive Web gateway security as well as protecting their desktops and servers."
