Latest SPAMs, SCAMs and Hoaxes: [Virus] 'Drive-by' email with the subject 'Banking security update' infects immediately without opening any attachments

« Home | [SPAM] Your ID Has Been Awarded - Send Your Names ... »

[Virus] 'Drive-by' email with the subject 'Banking security update' infects immediately without opening any attachments

0 Comments Published by Ebisu on Feb 4, 2012 at 1:42 AM.

Berlin based email security company Eleven has issued a warning about a new and particularly dangerous e-mail-borne method to infect PCs with viruses and Trojans. This driveby spam automatically downloads malware when the e-mail is opened in the e-mail client. Previous malware e-mails required the user to click on a link or open an attachment for the PC to be infected. The new generation of e-mail-borne malware consists of HTML e-mails which contain a JavaScript which automatically downloads malware when the e-mail is opened. This is similar to so-called driveby downloads which infect a PC by opening an infected Website in the browser. Driveby spam eliminates the detour via attachments or links in the e-mail and also affects cautious users which would never open an unknown attachment or link.

According to Eleven, this new threat has been spotted in emails that pretend to come from the Federal Deposit Insurance Corporation, the U.S. government's insurance plan for consumer bank deposits. The subject heading is "Banking security update" but it's likely that variants on that theme are in the works.

Incidentally, the U.S. security giant Symantec spotted a very similar fake FDIC email message with the subject line "Update for your banking account" It carried the malicious HTML file as an attachment.

For more info »»

1. Driveby Spam Infects PCs When E-Mail Is Opened

2. 'Drive-by' email infects readers immediately

3. Email with Malicious HTML Attachments