My university's central computing group just sent out this warning:
DO NOT CLICK ON ANY LINKS OR GO TO ANY WEB ADDRESSES IN SUCH MESSAGES!
If you do so, your computer is likely to be attacked by sophisticated programs designed to search for weaknesses in your computer's configuration and use them (if found) to inject viruses or bot programs into your computer.
Simply visiting the Web page will cause an attack, even without clicking on anything in the page.
Although up-to-date, well-maintained computers with current anti-virus software are less vulnerable, even they might be infected by such sites.
Because they are simple text, these messages are difficult for anti-virus and anti-spam programs to identify and filter out.
For more information about these emails, please see the following Web page:
http://www.washington.edu/computing/news/postcard_phish.html
I don't envy the task of educating 40,000 users about computer security, and having received these fake e-postcards myself, I know it's an actual attack vector for malware. But what's interesting is the way that the urban legend/misinformation of 2000 (just visiting a site can infect your computer!) becomes the reality of 2007.
From the linked FAQ:
How long till "DO NOT CLICK ON ANY LINKS OR GO TO ANY WEB ADDRESSES" just in general?