Malicious HTML Mail Attachments Flood Inboxes


If you hadn’t already noticed, a spam campaign that sends email messages with attached HTML files continues to be a problem. The current campaign appears to be a new wave of spam similar to the one I reported on in July.

The messages, which began arriving a week ago, have subject lines pulled from news headlines (“Cops kill shooter at Johns Hopkins Hospital,” “America’s Got Talent Judges Were They Shocked,” “Daniel Covington”) and others with a financial angle (“Apartment for rent,” “Invoice for Floor replacement,” “credit card,” and the ever-popular “Shipping Notification”).

The messages themselves are brief, such as the one shown above, and encourage the recipient to open the attached file.

Several readers have already sent me messages complaining about the volume, and asking what to do about the spam. My answer is the same with these spam messages as with any other spam messages: Delete them, mark them as spam, or do whatever you can to train your email spam filter to learn and block those messages.

One thing you should not do is open the HTML file.

Invariably, these files contain obfuscated JavaScript code that’s designed to make it hard to see what the file will do. In fact, the contents of the attachment look just like this.

However, each of these HTML attachments simply instructs the browser to navigate to a Web site that has been hijacked. Each of the redirects ends up on a page named x.html on the hijacked site. The page uses a common exploit kit, and loads code that attempts to take advantage of security vulnerabilities that may be present in your browser and other installed applications in order to infect your computer.

So, as tempting as it may be to click these files, please don’t.
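For anyone filtering mail at a gateway rather than by hand, here is a sketch of a check for the pattern described above: an HTML attachment whose markup carries script, decoding calls, or a redirect. This is an added example, not code from the original post or from Webroot; the indicator list, the function names, and the quarantine policy are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string, policy

# Heuristic markers (assumptions for this example, not signatures from the post).
INDICATORS = {
    "script_tag": re.compile(r"<script\b", re.I),
    "decode_call": re.compile(r"\b(?:eval|unescape|fromCharCode|atob)\s*\(", re.I),
    "js_redirect": re.compile(r"\blocation\s*(?:=|\.href|\.replace|\.assign)", re.I),
    "meta_refresh": re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I),
}

def scan_message(raw):
    """Map each HTML attachment's filename to the indicator names found in it."""
    msg = message_from_string(raw, policy=policy.default)
    findings = {}
    for part in msg.walk():
        if part.is_multipart() or not part.is_attachment():
            continue
        name = part.get_filename() or "(unnamed)"
        is_html = part.get_content_type() == "text/html"
        if not is_html and not name.lower().endswith((".html", ".htm")):
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        findings[name] = [n for n, rx in INDICATORS.items() if rx.search(body)]
    return findings

def should_quarantine(raw):
    """Assumed policy: hold any HTML attachment that can script or redirect."""
    return any(hits for hits in scan_message(raw).values())

# Constructed sample message (not taken from the campaign).
SAMPLE = """\
From: sender@example.invalid
Subject: Shipping Notification
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached file.
--b1
Content-Type: text/html; name="notice.html"
Content-Disposition: attachment; filename="notice.html"

<html><body><script>document.location = unescape("%2Fx.html");</script></body></html>
--b1--
"""
```

Matching on structure (script plus decode or redirect calls inside an attached HTML file) rather than on the changing subject lines is what lets a rule like this survive the next wave of the campaign.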