New Drive-By Spam Infects Those Who Open Email -- No Attachment Needed
Getting infected just got a whole lot easier, researchers say
Attackers have developed a new way to infect your PC through email -- without forcing you to click on an attachment.
According to researchers at eleven, a German security firm, the new drive-by spam automatically downloads malware when an email is opened in the email client. The user doesn't have to click on a link or open an attachment -- just opening the email is enough.
"The new generation of email-borne malware consists of HTML e-mails which contain a JavaScript which automatically downloads malware when the email is opened," eleven says in a news release. "This is similar to so-called drive-by downloads, which infect a PC by opening an infected website in the browser."
The current wave of drive-by spam contains the subject "Banking security update" and has a sender address with the domain fdic.com. If the email client allows HTML emails to be displayed, the HTML code is immediately activated.
The user only sees the note "Loading…Please wait," eleven says. In the meantime, the attempt is made to scan the PC and download malware.
Aside from updating their anti-spam and anti-malware tools, users can fight the new attack by deactivating the display of HTML e-mails in their email client, eleven advises. They can choose the option of displaying emails in pure-text format only.
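A mail gateway or triage script can check for the condition eleven describes: an HTML part carrying script that runs as soon as the message is displayed. The following is an added example, not code from eleven or Dark Reading; the sample message, its sender local part and the placeholder URL are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample: subject and sender domain follow the article, the rest is made up.
SAMPLE = """\
From: sender@fdic.com
Subject: Banking security update
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Loading...Please wait
--b1
Content-Type: text/html; charset="utf-8"

<html><body onload="start()">Loading...Please wait
<script src="https://placeholder.example/x.js"></script></body></html>
--b1--
"""

class ActiveContentFinder(HTMLParser):
    """Collects markup that can run script when an HTML mail is rendered."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, _value in attrs:
            if name.startswith("on"):  # onload, onerror, ... fire without a click
                self.findings.append(f"{name} handler on <{tag}>")

def scan_message(raw):
    """Return active-content findings for every text/html part of a message."""
    findings = []
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            finder = ActiveContentFinder()
            finder.feed(part.get_content())
            findings.extend(finder.findings)
    return findings

def plain_text_view(raw):
    """What a text-only client would display: the text/plain body, if present."""
    body = message_from_string(raw, policy=policy.default).get_body(preferencelist=("plain",))
    return body.get_content() if body else ""
```

A non-empty result from `scan_message` is a reason to quarantine the message or deliver only the output of `plain_text_view`, which mirrors the text-only setting eleven recommends.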