In the last few weeks we have detected increasing usage of HTML attachments in a variety of message types – all of them attempting to install malware. These sorts of attachments are generally not blocked by message scanning systems. In addition, they may arouse less suspicion in users than zipped attachments.
In the examples below, the malware is either in the form of a script within the attached HTML or, more traditionally, leads to a website with some form of malicious script:
- YouTube friend invitation – includes Trojan downloader within HTML
- Delivery status notification – includes Trojan downloader within HTML
- Spam “hot news for you” – leads to a pharmacy website with malware script
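
A mail filter can check for the patterns listed above. The following is an added example, not code from the original post: it parses a message with Python's standard library and reports HTML attachments that contain script or redirect markup. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

class ActiveContentFinder(HTMLParser):
    """Records markup that can run code or redirect the reader."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag in ("script", "iframe", "object", "embed"):
            self.findings.append(f"<{tag}> element")
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            self.findings.append("meta refresh redirect")
        for name, value in attrs.items():
            if name.startswith("on"):
                self.findings.append(f"{name} event handler")
            elif value.strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name}")

def is_html_attachment(part):
    # Match on declared type or extension: an HTML file may be sent as a generic binary type.
    name = (part.get_filename() or "").lower()
    return part.get_content_disposition() == "attachment" and (
        part.get_content_type() == "text/html" or name.endswith((".html", ".htm")))

def scan_message(raw_bytes):
    """Return {filename: [findings]} for HTML attachments holding active content."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    report = {}
    for part in msg.walk():
        if part.is_multipart() or not is_html_attachment(part):
            continue
        body = part.get_payload(decode=True) or b""
        finder = ActiveContentFinder()
        finder.feed(body.decode("utf-8", errors="replace"))
        finder.close()
        if finder.findings:
            report[part.get_filename() or "(unnamed)"] = finder.findings
    return report

def build_sample(html, filename):
    """Constructed test message: a text body plus one HTML attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Delivery status notification"
    msg.set_content("See attachment.")
    msg.add_attachment(html, subtype="html", filename=filename)
    return msg.as_bytes()
```

A non-empty result is a reason to quarantine or strip the attachment; an HTML attachment with no findings can still link to a hostile site, so link destinations need a separate reputation check.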