Using a number of search engine optimization-driven subject lines, the latest campaign tries to get recipients to click on "harmless" HTML attachments which launches an obfuscated Javascript attack that sends users to a variety of websites peddling everything from bogus CODECS to pharmacy.
One in particular, a standard advertisement for fake antivirus software, installs a back door -- even if the browser is closed so by the time the HTML file has been clicked it is already too late. (See also "How to Spot an E-Mail Scam.")
Spammers increasingly using malicious HTML in e-mails
Posted on Tuesday, September 28 2010 @ 7:07 CEST by Thomas De Maesschalck
Security firm Barracuda Networks reports spammers are cranking up the use of malicious HTML attachments that launch JavaScript attacks: