Original URL: http://www.theregister.co.uk/2005/06/29/trojan_calling_card/

Virtual postcard delivers Trojan

VXers deliver spyware calling card

By John Leyden

Posted in Security, 29th June 2005 10:29 GMT

A spam campaign that poses as a virtual postcard delivery is being used to lure surfers into infecting their PCs with a Trojan horse.

Windows users who follow the web link in the junk emails are roped into visiting a website which exploits well known vulnerabilities to install the Clsldr-D Trojan horse and other malicious code onto vulnerable PCs. The malicious emails are being sent from a variety of domain names.

"There's a very real risk that some people will think one of these emails is from a long forgotten friend or work colleague and follow the link out of curiosity," said Graham Cluley, senior technology consultant for anti-virus firm Sophos. "If you receive an unexpected virtual postcard it may prove wise to simply delete it."

The use of bogus e-cards to deliver malware is fairly uncommon but not unprecedented (examples here and here). The revival of the tactic illustrates that malware these days is delivered as often through maliciously constructed websites as via infected email attachments. ®

Related stories

UK trojan siege has been running over a year
UK under cyber blitz
VXers love Britney Spears - official
Skulls Trojan poses as security code
Bogus Jackson suicide bid claim used to spread malware
Guerilla marketing tactics spawn viral fears
E-card slimeware delivers pr0n