In the last few days, Bkis’ monitoring system has detected a large virus spreading campaign by sending spam emails with .html files attached. The spam emails have masqueraded as notifying messages from Twitter, Facebook or Microsoft, etc.
And fake outlook setup notification
The email subjects are varied:
“Reset your Twitter password”
“Reset your Facebook password”
“Outlook Setup Notification”
“FIFA World Cup South Africa… bad news”
The attachments can be named as:
The .html files contain the scripts similarly to the following:
Thus, when opening the attachments, users will be redirected to websites containing malicious codes which exploit flaws of Adobe, Java and IE to download viruses onto users’ computers. Opening .html attachments should be considered as accepting the invitations from hackers to visit malicious websites.
This method, is becoming a new dangerous trend, thanks to the following reasons:
1. So far, most viruses spreading via emails use common files as attachments such as .exe file, .zip file or .pif file, etc. Many users have raised awareness with these files. However, with .html files as attachments, most users would think the files are safe.
2. Moreover, .html attachments can bypass antivirus programs integrated in mail servers, because an .html file itself contains no malicious code or exploit code, but a link to a website made by hacker. Thus, it is hardly detected by antivirus programs.
Thus, we would recommend users to raise awareness of any files attached in unknown emails. Also, users should regularly update softwares on their computers and install antivirus programs for virus protection.
Le Minh Hung
Senior Security Researcher