If you hadn’t already noticed, an ongoing spam campaign where someone is sending email messages with attached HTML files continues to be a problem. The current campaign appears to be a new wave of spam similar to the one I reported about in July.
The messages, which began arriving a week ago, have subject lines pulled from news headlines (“Cops kill shooter at Johns Hopkins Hospital,” “America’s Got Talent Judges Were They Shocked,” “Daniel Covington”) and with a financial angle (“Apartment for rent,” “Invoice for Floor replacement,” “credit card,” and the ever-popular “Shipping Notification”).
The messages themselves are brief, such as the one shown above, and encourage the recipient to open the attached file.
Several readers have already sent me messages complaining about the volume, and asking what to do about the spam. My answer is the same with these spam messages as with any other spam messages: Delete them, mark them as spam, or do whatever you can to train your email spam filter to learn and block those messages.
One thing you should not do is open the HTML file.
Invariably, these files contain obfuscated Javascript code that’s designed to make it hard to see what the file will do. In fact, the contents of the attachment look just like this.
However, each of these HTML attachments simply instructs the browser to navigate to a Web site that has been hijacked. Each of the redirects ends up on a page named x.html on the hijacked site. The page uses a common exploit kit, and loads code that attempts to take advantage of security vulnerabilities that may be present in your browser and other installed applications in order to infect your computer.
So, as tempting as it may be to click these files, please don’t.
as of 12:00 noon today, my e-mail host and virus software are now picking up on this type of e-mail. so this might be the end of this FOR now.