Drive-by Spam E-mails Suffices in Compromising Computers
Researchers at a German security firm, eleven, observed the inflow of a new spam that automatically downloads malware on a system at the immediate instance of being opened via e-mail. This type of spam is so powerful that it does not even require the help of an attachment to be opened; just opening the e-mail is enough.
This explicit e-mail is sent through the spoofed Federal Deposit Insurance Corporation (FDIC) address and informs the recipient about updating their banking security information. The subject line encrypts the title "Banking security update", with the address of the sender containing the domain name fdic.com.
The mail further informs the recipient about temporary suspension of their Wire and ACH transactions and requires them to read the attached document for enhanced information in this context.
The attempt however prompts the user with the notification "Loading...Please wait," as accorded by eleven, while the time is spent for scanning the PC and downloading malware in the system.
Nevertheless, in the existence of a series of safety measures, these threats can be mitigated to an extent.
eleven advises users to update their anti-spam and anti-malware tools, which would deactivate the display of HTML e-mails in their e-mail client, and facilitate them towards fighting the new attack. Users can also select the option that will help them towards displaying the e-mails in the format of pure text only.
Related article: Drive Lock Sales Surge to Block USB Forts From Spreading Malware
» SPAMfighter News - 07-02-2012