South African users may have been puzzled at receiving 4th of July greetings this morning and hopefully the fact that it is a strictly US holiday would have prevented them from clicking on the accompanying link to an e-card.
The spam mails, posing as US Independence Day greeting cards, are really an attempt to lure users to a site that will infect their PCs with a Trojan horse and thus open them to hack-attacks.
The mails claim that the recipient has been sent an ecard greeting by a friend and tell the user to click on a link to view the card.
Subject lines used in the malicious spam campaign include: America the Beautiful; God Bless America; Happy Fourth of July; Independence Day Celebration; July 4th Fireworks Show; and Your Nations Birthday.
"Cyber criminals easily take advantage of celebrations like the 4th July to infect innocent people's computers, and potentially steal their identities. This isn't just an American problem – these kinds of attacks strike around the world, and are designed to abuse PCs on a global scale," says Brett Myroff, CEO of master Sophos distributor, NetXactics.
People regularly send e-greetings to friends and colleagues, so it is important to guard against these attacks and ensure computers are properly protected.
Clicking on the link contained inside the email, which is in the form of a numeric IP address, takes surfers to a compromised zombie computer hosting the JSecard-A Trojan horse. This malware then tries to download additional code from the Internet which Sophos intercepts as Mal/Dorf-C.
A real e-card company is unlikely to send emails containing links that are a set of four numbers in the format xxx.xxx.xxx.xxx. “That should set alarm bells ringing instantly,” Myroff adds.
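The two indicators described above (the campaign subject lines and a link whose host is a bare numeric IP address) can be checked mechanically at a mail gateway or during triage. The following is an added example, not code from Sophos or NetXactics; the function names, the sample messages and the address 192.0.2.44 (a reserved documentation range) are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

# Subject lines reported for this campaign, lower-cased for comparison.
CAMPAIGN_SUBJECTS = {
    "america the beautiful", "god bless america", "happy fourth of july",
    "independence day celebration", "july 4th fireworks show",
    "your nations birthday",
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def ip_literal_links(text):
    """Return the URLs in text whose host is a raw IP address, not a name."""
    hits = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
            ipaddress.ip_address(host)   # raises ValueError for host names
        except ValueError:
            continue
        hits.append(url)
    return hits

def triage(raw_email):
    """Check one RFC 822 message for the two indicators in the article."""
    msg = message_from_string(raw_email)
    body = "\n".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk()
        if part.get_content_maintype() == "text"
    )
    subject = (msg["Subject"] or "").strip().lower()
    return {"subject_match": subject in CAMPAIGN_SUBJECTS,
            "ip_links": ip_literal_links(body)}

# Constructed sample messages (not captured from the real campaign).
SAMPLE_SPAM = ("From: greetings@example.net\nSubject: God Bless America\n\n"
               "A friend has sent you an ecard. Click to view:\n"
               "http://192.0.2.44/\n")
SAMPLE_BENIGN = ("From: cards@example.com\nSubject: A card from Thandi\n\n"
                 "View it at https://cards.example.com/view?id=1\n")

if __name__ == "__main__":
    for sample in (SAMPLE_SPAM, SAMPLE_BENIGN):
        print(triage(sample))
```

Either indicator alone is a reason to quarantine the message for review; the IP-literal link is the more durable of the two, since subject lines change from one campaign to the next.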