Please wait while we infect your computer – more malicious HTML attachments

by

Commtouch labs have detected large volumes of emails with malicious HTML attachments.  The emails purport to come from a range of legitimate sites including:

  • Bell Canada
  • Craigslist
  • NewEgg

So let’s say you read our previous blog about the rise of the malicious HTML attachments.  You open the attached HTML file in a text reader to find the malicious links – but your search for “http” only turns up genuine “newegg.com” links.  Where is the rogue destination link?  We find it hidden in the nasty script – but broken into little pieces:

In other words: http://tracebook.us/1ht Opening the HTML file in your browser will automatically direct you to this link (or similar depending on the file received – in the example below it was http://enjoyyourhaircut.com/…).

Now comes our favorite part.  The screen that greets you next:

4 seconds??  If you’re going to install malware get on with it already…

Go back