New Drive-By Spam Infects Those Who Open Email — No Attachment Needed
Dark Reading reports attackers have developed a new way to infect your PC through email — without forcing you to click on an attachment. According to researchers at eleven, a German security firm, the new drive-by spam automatically downloads malware when an email is opened in the email client. The user doesn’t have to click on a link or open an attachment — just opening the email is enough. The new generation of email-borne malware consists of HTML e-mails which contain a JavaScript which automatically downloads malware when the email is opened, according to eleven. This is similar to so-called drive-by downloads, which infect a PC by opening an infected website in the browser. The current wave of drive-by spam contains the subject “Banking security update” and has a sender address with the domain fdic.com. If the email client allows HTML emails to be displayed, the HTML code is immediately activated.
