A wave of fake e-mail greeting cards is luring users
into downloading a Trojan, Websense Security Labs has
warned.
The HTML e-mails are in Portuguese and say, “Uma pessoa que lhe
ama de verdade enviou um cartao virtual para voce,” which
translates as: “A person who loves you has sent you a virtual
card.”
The e-mails also contain one of a selection of poems – also in
Portuguese – while a sample screenshot released by Websense shows a
decorative design with a top border of hearts and a large pink
flower in the middle.
Multiple links in the e-mail direct recipients to a website
hosting the Trojan, a password-stealing keylogger.
The Trojan monitors recipients’ access to some financial
websites, and can then capture account information, which is then
delivered by e-mail to the attacker's address, Websense warned.
The Trojan propagates itself by sending itself to e-mail
addresses mined from the user’s workstation.
