Commtouch labs have detected large volumes of emails with malicious HTML attachments. The emails purport to come from a range of legitimate sites including:
- Bell Canada
So let’s say you read our previous blog about the rise of malicious HTML attachments. You open the attached HTML file in a text reader to find the malicious links – but your search for “http” only turns up genuine “newegg.com” links. Where is the rogue destination link? We find it hidden in the nasty script – but broken into little pieces:
In other words: http://tracebook.us/1ht… Opening the HTML file in your browser will automatically direct you to this link (or similar depending on the file received – in the example below it was http://enjoyyourhaircut.com/…).
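An added example, not from the original post: because a search of the raw attachment for "http" misses a link assembled from string fragments, this Python check folds concatenated string literals inside `<script>` blocks before looking for URLs, and notes whether the script navigates on its own. The sample attachment, the `redirect.example` address and the function names are constructed for this example.

```python
import re

# Constructed sample (not the attachment from the post): the only visible link
# is genuine; the redirect target exists only as concatenated fragments.
SAMPLE = """<html><body>
<a href="http://www.newegg.com/">Track your order</a>
<script>
var u = "ht" + "tp:/" + '/redir' + "ect.exam" + "ple/la" + "nding";
window.location = u;
</script>
</body></html>"""

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
# Two quoted literals joined by "+", e.g. "ht" + 'tp'
CONCAT_RE = re.compile(r"""(["'])([^"'\\\n]*)\1\s*\+\s*(["'])([^"'\\\n]*)\3""")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Assignments or calls that navigate the page without a click
SINK_RE = re.compile(r"\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(")

def fold_literals(js):
    """Merge "a" + "b" into "ab" repeatedly until the script stops changing."""
    prev = None
    while prev != js:
        prev = js
        js = CONCAT_RE.sub(lambda m: '"' + m.group(2) + m.group(4) + '"', js)
    return js

def triage(html):
    """Report URLs that appear only after folding, and any auto-navigation."""
    visible = set(URL_RE.findall(html))          # what a plain "http" search sees
    scripts = SCRIPT_RE.findall(html)
    folded = set()
    for body in scripts:
        folded.update(URL_RE.findall(fold_literals(body)))
    return {
        "hidden_urls": sorted(folded - visible),
        "auto_redirect": any(SINK_RE.search(b) for b in scripts),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

It folds only literal-plus-literal concatenation; fragments held in variables, arrays or character codes need a JavaScript parser or rendering in an isolated sandbox.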
Now comes our favorite part. The screen that greets you next:
4 seconds?? If you’re going to install malware get on with it already…