Drive-by Spam E-mails Suffice to Compromise Computers

Researchers at a German security firm, eleven, have observed a new kind of spam that automatically downloads malware onto a system the moment the e-mail is opened. This type of spam does not even require an attachment to be opened; just opening the e-mail is enough.

According to the researchers, malware e-mails require at least a click by the user, on a link or an attachment, to take over a PC. However, the new generation of spam e-mails is coded with HTML or even JavaScript that automatically downloads malware when the e-mail is opened. This kind of infection is quite similar to so-called drive-by downloads, which infect a PC when a compromised website is opened in the browser. Drive-by spam eliminates the detour through attachments or links in the e-mail and thus also affects alert users who refrain from opening an unknown attachment or link.

This particular e-mail is sent from a spoofed Federal Deposit Insurance Corporation (FDIC) address and tells recipients to update their banking security information. The subject line carries the title "Banking security update", and the sender's address contains the domain name fdic.com.

The mail further informs recipients that their Wire and ACH transactions have been temporarily suspended and asks them to read the attached document for more information.

On opening, however, the user is shown the notification "Loading...Please wait," according to eleven, while that time is used to scan the PC and download malware onto the system.

Nevertheless, a series of safety measures can mitigate these threats to an extent.

eleven advises users to update their anti-spam and anti-malware tools and to deactivate the display of HTML e-mails in their e-mail client, which helps them fight the new attack. Users can also select the option that displays e-mails in pure text format only.

In short, the researchers at eleven recommend a properly protected e-mail account with updated filters against spam and malware. The scheme itself, however, only works when the recipient's e-mail account is configured to display HTML content. When the setting is changed to display pure text format, the HTML is not loaded and the actual attachment remains unopened, thus safeguarding the user's computer from harm.
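The text-only mitigation described above can be sketched in code. This is an added example, not code from eleven or from the original article: it parses a message, reports active HTML content without executing or fetching anything, and returns a pure-text rendering. The sample message, the sender's local part and the script URL are constructed placeholders.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample (not the real spam): HTML-only body carrying a script tag.
SAMPLE = (
    "From: alerts@fdic.com\r\n"
    "Subject: Banking security update\r\n"
    "MIME-Version: 1.0\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    "<html><body onload=\"go()\"><p>Loading...Please wait</p>"
    "<script src=\"http://example.invalid/x.js\"></script></body></html>\r\n"
)

ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}

class Inspector(HTMLParser):
    """Collects visible text and notes active content; never runs or fetches it."""
    def __init__(self):
        super().__init__()
        self.text, self.findings, self._skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}>")
        # Inline event handlers (onload, onclick, ...) also run script.
        self.findings += [f"{tag}[{k}]" for k, _ in attrs if k.startswith("on")]
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip and data.strip():
            self.text.append(data.strip())

def inspect_message(raw):
    """Return (text_only_body, findings) for a raw RFC 5322 message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings, html_text = [], ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            insp = Inspector()
            insp.feed(part.get_content())
            insp.close()
            findings += insp.findings
            html_text = " ".join(insp.text)
    plain = msg.get_body(preferencelist=("plain",))
    # Prefer the text/plain part; otherwise fall back to tag-stripped HTML text.
    body = plain.get_content().strip() if plain is not None else html_text
    return body, findings
```

A mail gateway or client plug-in could quarantine or tag any message for which the findings list is non-empty and show the user only the returned text body.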

» SPAMfighter News - 07-02-2012