Windows users who follow the Web link are taken to a Web site that exploits vulnerabilities in Microsoft software. The Trojan horse Clsldr-D, along with other malicious code, is downloaded onto the user's computer, according to an alert from Sophos, Inc., an anti-virus and anti-spam company with U.S. headquarters in Lynnfield, Mass.
''Because this email doesn't arrive with an attached file, some may believe it is harmless,'' says Graham Cluley, senior technology consultant for Sophos. ''But just visiting the Web link on an unprotected computer puts it at risk of infection... The message is simple -- don't trust everything you read on the Internet, and ensure you are not putting your computer and its data in danger.''
Sophos analysts have intercepted hundreds of the spam messages being sent using a variety of different domain names as disguises.
Sophos analysts are warning users and IT manager to make sure their software is patched, their anti-virus software is up-to-date, and that they act cautiously with their email.