Jun 16 2010
New trend of spreading malicious code via email to bypass mail server antivirus
In the last few days, Bkis’ monitoring system has detected a large virus-spreading campaign that sends spam emails with .html files attached. The spam emails masquerade as notification messages from Twitter, Facebook, Microsoft and others.
Fake Twitter notification
Fake Facebook notification
And fake Outlook setup notification
The email subjects are varied:
“Reset your Twitter password”
“Reset your Facebook password”
“Outlook Setup Notification”
“FIFA World Cup South Africa… bad news”
…
The attachments can be named as:
news.html
open.html
index.html
ecard.html
facebook_newpass.html
…
The .html files contain scripts similar to the following:
When the attachments are opened, users are redirected to websites hosting malicious code that exploits flaws in Adobe, Java and IE software to download viruses onto their computers. Opening such .html attachments should be considered as accepting an invitation from hackers to visit malicious websites.
This method is becoming a dangerous new trend, for the following reasons:
1. So far, most viruses spreading via email have used attachments such as .exe, .zip or .pif files, and many users have become wary of them. With .html attachments, however, most users would assume the files are safe.
2. Moreover, .html attachments can bypass the antivirus programs integrated into mail servers, because the .html file itself contains no malicious or exploit code, only a link to a website set up by the hacker. It is therefore rarely detected by antivirus programs.
We therefore recommend that users be wary of any files attached to emails from unknown senders. Users should also regularly update the software on their computers and install antivirus programs for virus protection.
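As an added defensive example (not part of the original Bkis post), the following Python function pulls .html attachments out of a message and flags the redirect constructs such "link-only" attachments rely on, which a mail-server scanner looking for exploit code would not notice. The sample message, its addresses and the URL in it are constructed placeholders.

```python
import email
import re
from email import policy

# Constructed sample message: a fake "password reset" notification whose
# .html attachment carries no payload, only a redirect to another site.
SAMPLE_EML = b"""From: notify@example.invalid
To: user@example.invalid
Subject: Reset your Twitter password
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/plain

Please open the attached file to reset your password.
--B1
Content-Type: text/html; name="facebook_newpass.html"
Content-Disposition: attachment; filename="facebook_newpass.html"

<html><head><meta http-equiv="refresh" content="0;url=http://malicious.example.invalid/x"></head>
<body><script>window.location="http://malicious.example.invalid/x";</script></body></html>
--B1--
"""

# Redirect constructs a link-only HTML attachment typically uses.
REDIRECT_PATTERNS = {
    "meta-refresh": re.compile(r'http-equiv\s*=\s*["\']?refresh', re.I),
    "js-location": re.compile(r'(window|document|self|top)\.location\b|location\.(href|replace)', re.I),
    "iframe": re.compile(r'<iframe\b', re.I),
}
URL_RE = re.compile(r'https?://[^\s"\'<>]+', re.I)

def scan_html_attachments(raw: bytes) -> list:
    """Return one finding per .html/.htm attachment: which redirect
    constructs it uses and which external URLs it points to."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename() or ""
        if not name.lower().endswith((".html", ".htm")):
            continue
        body = part.get_content()  # decoded text of the attachment
        hits = [k for k, rx in REDIRECT_PATTERNS.items() if rx.search(body)]
        findings.append({"filename": name, "redirects": hits,
                         "urls": sorted(set(URL_RE.findall(body)))})
    return findings
```

A non-empty `redirects` list on an attachment is a strong reason to quarantine the message, since a legitimate notification email has no need to ship an HTML file whose only job is to send the browser elsewhere.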
Le Minh Hung
Senior Security Researcher