A spam campaign that poses as a virtual postcard delivery is being used to lure surfers into infecting their PCs with a Trojan horse.

Windows users who follow the web link in the junk emails are roped into visiting a website which exploits well known vulnerabilities to install the Clsldr-D (http://www.sophos.com/virusinfo/analyses/trojclsldrd.html) Trojan horse and other malicious code onto vulnerable PCs. The malicious emails are being sent from a variety of domain names.

"There's a very real risk that some people will think one of these emails is from a long forgotten friend or work colleague and follow the link out of curiosity," said Graham Cluley, senior technology consultant for anti-virus firm Sophos. "If you receive an unexpected virtual postcard it may prove wise to simply delete it."

The use of bogus e-cards to deliver malware is fairly uncommon but not unprecedented (examples here (http://www.theregister.co.uk/2002/10/25/guerilla_marketing_tactics_spawn_viral/) and here (http://www.theregister.co.uk/2002/10/25/ecard_slimeware_delivers_pr0n/)). The revival of the tactic illustrates that malware these days is delivered as often through maliciously constructed websites as via infected email attachments. ®

Related stories

UK trojan siege has been running over a year (http://www.theregister.co.uk/2005/06/17/niscc_warning/)
UK under cyber blitz (http://www.theregister.co.uk/2005/06/16/uk_cyber-blitz/)
VXers love Britney Spears - official (http://www.theregister.co.uk/2005/06/14/celebrity_virus_chart/)
Skulls Trojan poses as security code (http://www.theregister.co.uk/2005/06/13/skulls_trojan_f-secure/)
Bogus Jackson suicide bid claim used to spread malware (http://www.theregister.co.uk/2005/06/10/jackson_trojan_spam/)
Guerilla marketing tactics spawn viral fears (http://www.theregister.co.uk/2002/10/25/guerilla_marketing_tactics_spawn_viral/)
E-card slimeware delivers pr0n (http://www.theregister.co.uk/2002/10/25/ecard_slimeware_delivers_pr0n/)