You Don't Even Have to Download an Attachment Anymore to Get Infected

By Sam Gibbs on at

Hackers just don’t take a break do they? You’ve heard of drive-by downloads, well meet drive-by emails -- the next stage in the evolution of the email-carried malware that you don’t even need to download.

Normally you’d be safe if you didn’t download the attachment, in fact your virus scanner might pick it up and quarantine it before you’ve even blinked, but not this time. Now all you need to do is open the email to get infected, and your virus scanner’s going to be none the wiser until it’s too late. A German security company called Eleven found the new class of malicious emails in the wild and said:

"The new generation of e-mail-borne malware consists of HTML e-mails which contain a JavaScript which automatically downloads malware when the e-mail is opened."

Of course you’re protected if you just view everything in plain text, but almost every email from any company comes with some sort of HTML formatting to spice things up a bit and grab your attention.

So watch out folks. Don’t click on anything that looks like it could be even remotely suspicious, or you could use an email client and force it to display everything in plain text. Just make sure you don’t end up as part of a botnet, unless you really want to, of course. [Eleven via MSNBC]

Image credit: Email from Shutterstock