Virtual postcard delivers Trojan
Print storyVXers deliver spyware calling card
Posted in Spyware, 29th June 2005 10:29 GMT
Free whitepaper – Securing your Apache web server with a Thawte digital certificate
A spam campaign that poses as a virtual postcard delivery is being used to lure surfers into infecting their PCs with a Trojan horse.
Windows users who follow the web link in the junk emails are roped into visiting a website which exploits well known vulnerabilities to install the Clsldr-D Trojan horse and other malicious code onto vulnerable PCs. The malicious emails are being sent from a variety of domain names.
"There's a very real risk that some people will think one of these emails is from a long forgotten friend or work colleague and follow the link out of curiosity," said Graham Cluley, senior technology consultant for anti-virus firm Sophos. "If you receive an unexpected virtual postcard it may prove wise to simply delete it."
The use of bogus e-cards to deliver malware is fairly uncommon but not unprecedented (examples here and here). The revival of the tactic illustrates that malware these days is delivered as often through maliciously constructed websites as via infected email attachments. ®
Related stories
UK trojan siege has been running over a year
UK under cyber blitz
VXers love Britney Spears - official
Skulls Trojan poses as security code
Bogus Jackson suicide bid claim used to spread malware
Guerilla marketing tactics spawn viral fears
E-card slimeware delivers pr0n
Free whitepaper – Securing your online data transfer with SSL
The future of SaaS and IT infrastructure management
The mandate for application security
Extended Validation SSL Certificates
Avoiding 7 common mistakes of IT security compliance
The best practices guide for application security
Google cloud told to encrypt itself
Buggy 'smart meters' open door to power-grid botnet
Chinese firm hits back at cyberspy claims
BlockMaster SafeStick hardware-encrypted USB drive