Independence Day malware attack strikes via email greetings.

Experts at SophosLabs, Sophos’s global network of virus, spyware and spam analysis centers, have warned of a widespread email spam campaign that poses as a 4th July greeting card, but is really an attempt to lure innocent computer users into being infected by a Trojan horse and attacked by hackers.

The emails, which are being seen in inboxes worldwide, claim that the recipient has been sent an ecard greeting by a friend and tells the user to click on a link to view the card.

Subject lines used in the malicious spam campaign include:

4th Of July Celebration
American Pride, On The 4th
America’s 231st Birthday
Americas B-Day
America the Beautiful
Celebrate Your Independence
Celebrate Your Nation
Fireworks on The 4th
Fourth of July Party
God Bless America
Happy 4th of July
Happy B-Day USA
Happy Birthday America
Happy Fourth of July
Independence Day At The Park
Independence Day Celebration
Independence Day Party
July 4th B-B-Q Party
July 4th Family Day
July 4th Fireworks Show
Your Nations Birthday

Clicking on the link contained inside the email, which is in the form of a numeric IP address, takes surfers to a compromised zombie computer hosting the Troj/JSEcard-A Trojan horse. The Trojan horse then tries to download additional code from the internet which Sophos intercepts as Mal/Dorf-C.

“Cybercriminals have no qualms about taking advantage of celebrations like 4th July to infect innocent people’s computers, and potentially steal their indentities. This isn’t just an American problem - these kind of attacks strike around the world, and are designed to abuse PCs around the globe,” said Graham Cluley, senior technology consultant at Sophos. “People regularly send egreetings to friends and colleagues, so it is important that everyone is on their guard against these kind of attacks and ensures their computers are properly defended.”

“Rather than being sent to a real ecard website when you click on the link you are visiting someone else’s compromised computer which is hosting malicious code designed to infect your Windows PC. It is these same computers, based all around the world, which are spewing out spam,” continued Cluley. “Web links which use IP addresses are a set of four numbers in the format xxx.xxx.xxx.xxx. A real ecard company is unlikely to send you emails which use links like that, so that should set alarm bells ringing instantly.”