Monday, September 27, 2010

HTML is Not Harmless – Email Security Update | The Barracuda Labs Internet Security Blog

“What harm can an HTML file do? The answer is plenty.”

Attracting attention by latching on to the latest breaking news is a technique that attackers have been using for quite some time. In fact, several examples of SEO poisoning and search malware are explored throughout barracudalabs.com and this blog. Google hot topic search results frequently are littered with links to hacked sites that serve up malicious JavaScript. Now, the attackers are taking that a step further and not requiring the user to come to their hacked sites but rather simply emailing the same malicious JavaScript sites straight to an inbox.

“These emails are presented as something just innocent enough that a user might allow curiosity to overrule caution and click “open”. However, once that happens, the HTMLs suddenly don’t seem so harmless.”

Opened in a browser window, this JavaScript sends the browser to a variety of destinations depending on the spammer.
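An added example, not code from the Barracuda Labs article: a Python check a mail gateway or analyst could run to flag HTML attachments that contain script, meta-refresh, embedded frames or objects, or inline event handlers, the constructs that let an opened HTML file redirect a browser. The sample message, the `example.invalid` domain, and the names `ActiveContentFinder` and `scan_message` are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample message, not from the article; example.invalid is a placeholder.
SAMPLE_EML = """\
Subject: Breaking news report
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See the attached report.
--b1
Content-Type: text/html; name="report.html"
Content-Disposition: attachment; filename="report.html"

<html><head><meta http-equiv="refresh" content="0;url=http://example.invalid/a">
<script>window.location = "http://example.invalid/b";</script></head>
<body onload="go()">Loading...</body></html>
--b1--
"""

class ActiveContentFinder(HTMLParser):
    """Collects constructs that let an HTML file act when a browser opens it."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag in ("script", "iframe", "object", "embed"):
            self.findings.append(tag)
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            self.findings.append("meta-refresh")
        self.findings += ["handler:" + k for k in attrs if k.startswith("on")]

def scan_message(raw):
    """Return {filename: findings} for each HTML attachment in a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html")):
            body = part.get_content()  # str for text/*, bytes otherwise
            finder = ActiveContentFinder()
            finder.feed(body if isinstance(body, str) else body.decode("utf-8", "replace"))
            report[name] = finder.findings
    return report
```

A non-empty findings list is a reason to quarantine or strip the attachment rather than proof of malice; legitimate HTML attachments rarely need script or automatic redirects.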
Read the article at con·cept: HTML is Not Harmless – Email Security Update | The Barracuda Labs Internet Security Blog