A spam postcard is making the rounds can deliver an unwelcome message if opened, said security research firm Sophos on Tuesday. The malicious postcard has the potential to engage in identity theft should Windows users click on the embedded Web site link.
The spam postcard spoofs the name of a friendly sender and prompts the recipient to click on a link to a Web site presumably presenting the postcard, according to Sophos. But users receive a nasty greeting when aon the link installs malicious code on the user's computer by exploiting a flaw in Internet Explorer. The code allows the attacker to steal personal information that may be stored on the user's machine.