A new spam campaign poses as an announcement of an e-card, but it actually is just a ruse, tricking users into visiting a malicious Web site where their computer is infected with a Trojan horse.

Windows users who follow the Web link are taken to a Web site that exploits vulnerabilities in Microsoft software. The Trojan horse Clsldr-D, along with other malicious code, is downloaded onto the user's computer, according to an alert from Sophos, Inc., an anti-virus and anti-spam company with U.S. headquarters in Lynnfield, Mass.

''Because this email doesn't arrive with an attached file, some may believe it is harmless,'' says Graham Cluley, senior technology consultant for Sophos. ''But just visiting the Web link on an unprotected computer puts it at risk of infection... The message is simple -- don't trust everything you read on the Internet, and ensure you are not putting your computer and its data in danger.''

Sophos analysts have intercepted hundreds of the spam messages being sent using a variety of different domain names as disguises.

''There's a very real risk that some people will think one of these emails is from a long forgotten friend or a work colleague, and follow the link out of curiousity,'' says Cluley. ''If you receive an unexpected virual postcard, it may prove wise to simply delete it.''

Sophos analysts are warning users and IT manager to make sure their software is patched, their anti-virus software is up-to-date, and that they act cautiously with their email.