New Drive-By Spam Infects unsuspecting users

Pierluigi Paganini February 01, 2012

The threat arrives via email: attacks that use email as a vector for spreading malware are by now commonplace. Until now the typical infection scenario has been an unsuspecting user who clicks a link in the body of an email, which starts a malware download, or who opens the malicious file attached directly to the email.

Unfortunately that is not the only way to infect a remote PC: attackers have developed a new way to infect a PC through email without requiring any action from the user. According to an announcement by researchers at Eleven, a German security firm, it is sufficient for an email to be opened in the email client to infect the host, without the user clicking a link or opening an attachment. Eleven's experts said that the new malware attack uses JavaScript in HTML email and doesn't require user interaction for the machine to become infected.

Once the email is opened and the HTML is displayed, the malware attempts to scan the user’s computer and download malware while displaying a “Loading…please wait” message. The easiest way to avoid this malware spam attack is to deactivate the display of HTML emails in your account. The experts say that the mechanism is the same one used to infect a PC when the user opens an infected website in the browser.

“This is similar to so-called drive-by downloads, which infect a PC by opening an infected website in the browser.”

The “drive-by spam” attacks observed use emails with the well-known subject “Banking security update” and a sender address with the domain fdic.com. If the email client allows HTML emails to be displayed, the HTML code is activated immediately. If we receive an email with the subject “Banking Security Update”, or a similar message, we must take every precaution before opening it at all; it is advisable to choose the option of displaying emails in pure-text format only to avoid problems.

The increasing use of email makes it much harder to detect whether an email is legitimate or counterfeit, and we must bear in mind that with the introduction of IPv6, blacklist-based anti-spam solutions will soon become obsolete.
According to Eleven, “the significant expansion of the address space allows for the use of throwaway addresses, which will be used only once for spamming.”
The blacklist concept is based on the ability to identify addresses that are used several times for spamming; with IPv6 the concept is no longer applicable because of the huge range of addresses available to attackers.

What are the simple rules to follow to avoid being victims of this type of fraud?

Ignore e-mails that ask for confidential data!

In general, banks, as well as credit card companies and online payment services, do not send e-mails that link to a page on which you should enter your account information. Delete the e-mail immediately and do not click on the link! Merely visiting the site may lead to an infection with a virus or trojan (drive-by download)!

Check whether the site is secure! 

Check to see where the link actually leads

Pay attention to the exact spelling of the URL! 

Always check the spelling of the URL (and of the e-mail sender too!) for errors! Also check it against the URL the company normally uses (by comparison with its site or with a genuine e-mail)!

Pay close attention to what data you should enter! 

Not only account and credit card phishing is dangerous

Alleged e-mails from Facebook or Hotmail can be just as dangerous as those from your bank.

Pierluigi Paganini

References

http://www.eleven-securityblog.de/2012/01/phishing-funf-tipps-zum-erkennen-betrugerischer-e-mails/

