ecard.exe - a new breed of spam...

You will not have failed to notice that since the end of June our inboxes have been in inundated with emails claiming "You've received a greeting card from a Colleague!" or "You've received an ecard from a Class mate!". You may already be aware that these emails are spam (you are probably getting 2 or three a day after all!) but what you may not know is that these seemingly harmless emails - after all they contain no dodgy attachments - are in fact a means to infect your machine with a malicious Trojan... and all from one "click" of your mouse.

The reason these emails are so dangerous is because the link to the "ecard" contained within, whisks any unsuspecting click-happy surfer to the website claiming to be holding a card from your friend/colleague/personal trainer/dog walker... and this webpage contains a snippet of javascript that tries to exploit a security vulnerability in your browser to gain control of your machine and infect it with Malware...

The subtle difference with this spam strategy and others like it is the way in which it uses subtle social engineering to get a result for the spammers. There are many instants on the web of people who upon celebrating their birthday have inadvertantly clicked a link in one of these emails and infected their machines, thinking the email was genuine.

1. Never click links in emails unless they are from a trusted source. Even if it is your birthday, or you really think you've won the South African Lottery...
2. STOP using Internet Explorer and get Firefox
3. Get a Mac...