Drive-by Spam Emails Infect Computers Without Links or Attachments

Up until now, most malicious emails that were designed to spread a virus or a Trojan required some user interaction, but new variants discovered by German security experts automatically infect a device when the email is opened in the email client.

Many security savvy users know that, as long as you don’t click on a link or open an attachment that comes with a suspicious looking email, you should be safe.

Unfortunately, this is about to change since researchers from eleven Research Team came across this improved variant which consists of HTML emails that contain a JavaScript designed to automatically download malware when the message is opened.

This malicious technique is similar to the one utilized in drive-by downloads in which compromised websites are altered to serve malevolent elements to users that visit them.

This specific scenario involves emails that come from a spoofed Federal Deposit Insurance Corporation (FDIC) address, informing the recipient of a banking security update.

“Your Wire and ACH transactions have been temporarily suspended. Please open the attached document for more information,” reads the email.

The problem is that the attachment automatically loads inside the email, unleashing whatever may be hiding in it.

The good news is that there are a couple of safety measures that can be applied to mitigate these threats.

First of all, you must make sure that the email account is properly protected against spam and malware with all the filters updated.

Secondly, these schemes only work if the recipient’s email account is configured to display HTML content. By setting the account to display emails in pure-text format only, the HTML isn’t loaded and as long as the actual attachment remains unopened, the user’s computer remains unharmed.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.