New Drive-By Spam Infects Those Who Open Email -- No Attachment Needed
Getting infected just got a whole lot easier, researchers say
Attackers have developed a new way to infect your PC through email -- without forcing you to click on an attachment.
According to researchers at eleven, a German security firm, the new drive-by spam automatically downloads malware when an email is opened in the email client. The user doesn't have to click on a link or open an attachment -- just opening the email is enough.
More Security Insights
- Forrester Study: The Total Economic Impact of VMware View
- Securing Executives and Highly Sensitive Documents of Corporations Globally
- Top Big Data Security Tips and Ultimate Protection for Enterprise Data
- Client Windows Migration: Expert Tips for Application Readiness
The current wave of drive-by spam contains the subject "Banking security update" and has a sender address with the domain fdic.com. If the email client allows HTML emails to be displayed, the HTML code is immediately activated.
The user only sees the note "Loading…Please wait," eleven says. In the meantime, the attempt is made to scan the PC and download malware.
Aside from updating their anti-spam and anti-malware tools, users can fight the new attack by deactivating the display of HTML e-mails in their email client, eleven advises. They can choose the option of displaying emails in pure-text format only.
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.