Cybercrooks are using e-cards that appear to come from a secret admirer in a scam to collect sensitive personal information, a security expert has warned.Data including credit card numbers, online banking credentials, and log-in names and passwords of thousands of individuals from Australia and the U.S. has already been collected in the scam, Roger Thompson, chief technology officer at security software maker Exploit Prevention Labs, said in an interview Wednesday.The attacks involve e-mail messages that at first glance appear to be greeting cards from services like Yahoo or Blue Mountain, Thompson said. Clicking on the link to view the card, however, first sends the target to a malicious Web site that tries to silently install software that logs the user's keystrokes, he said. After that the card is displayed."It is really quick, nobody notices it," he said. "Unless you actually look at the source of the e-mail and say, 'Hang on, this is a redirect,' you wouldn't actually see it."
The miscreants use a flaw in Microsoft's Windows operating system to drop the spy software and a rootkit to hide it on PCs, Thompson said. Windows users who have installed the MS06-014 patch, released in May, are not vulnerable to this particular silent drive-by installation of malicious software.