Drive-by email malware alert: Plain text is just plain common sense

By | January 30, 2012

Posted in: Network Security Trends

Just when I thought I was too smart to be fooled by malicious email, a report from German researchers made me start thinking about it again. The researchers, from the email security firm eleven, have identified drive-by download spam, which means that your computer will be infected if you simply open the message. No link or attachment to be wary of. You can be compromised even if you have disciplined yourself not to do overtly stupid things on your computer.

Just when we’ve gotten to the point, after hammering the message home again and again and again, so that most users seem to get that they shouldn’t open attachments or click on links even in the slickest looking email messages, we see a new example of HTML malware proliferation. I just got a very nice phishing message purporting to come from Intuit, complete with the corporate logo. I didn’t bite, but it was good enough to make me hesitate, even though the salutation was “Dear valued customer” rather than “Dear Neil” or “Dear Mr. Roiter,” an instant giveaway. At any rate, I am not an Intuit customer, valued or otherwise.

But I opened it. Fortunately, it was the typical click-on-this-and-suffer variety of phishing message, so I simply deleted it and lived to read email another day. But if it had been one of these drive-by download messages, I could’ve been toast. The bogus emails activate a JavaScript that downloads malware when opened in much the same way that malicious and compromised legitimate websites infect unlucky visitors. In this case, however, you aren’t lured to a website by a link, attachment, malicious web ad, or a message that appears to come from a Facebook friend or Twitter follower. It’s right there in your inbox.

The particular emails cited by eleven (see the image below) carry the subject “Banking Security Update” and advise that “Your Wire and ACH transactions have been temporarily suspended. Please open the attached document for more information.” It appears to come from the legitimate fdic.com address. I’ve gotten a lot of phishing messages dealing with ACH (automatic clearing house) transactions, so I dump them without opening them. But a small business owner might well check it out. Or I might open an email that looks like it comes from my bank, or Amazon.com, my credit card company, etc. What if a Zappos.com customer gets drive-by email that carries his name, address, phone number and last four digits of his credit card number? Wouldn’t you at least look?

So, after reading about the latest drive-bys, I switched my incoming email so that everything comes in plain text. It’s a little bit of an inconvenience, but I think it’s worth the extra peace of mind (if you are using Outlook, go to Tools/Options/Email Security/Read as Plain Text). It's easy to switch the view to HTML if (a) I am sure I trust the source and (b) I care. I should have been viewing in plain text long ago, but I'd gotten a little complacent and a little lazy.
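To make the two points above concrete (the active content rides in the HTML part of the message, and a plain-text view never renders that part), here is an added example that is not from the original post or from eleven: a small Python check that parses a constructed multipart message, flags script-like content in its text/html part, and shows what a "read as plain text" client would actually display. The sender address, recipient and message text are constructed placeholders; the script tag is inert.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from typing import List

# Markers of active or embedding content that a mail client would
# act on when rendering HTML but never when rendering plain text.
ACTIVE_CONTENT = re.compile(
    r"<script\b|javascript:|\son[a-z]+\s*=|<iframe\b|<object\b|<embed\b",
    re.IGNORECASE,
)


def build_sample() -> bytes:
    """Constructed multipart/alternative message modelled on the lure described above."""
    msg = EmailMessage()
    msg["Subject"] = "Banking Security Update"
    msg["From"] = "alerts@example.invalid"  # placeholder sender, not a real domain
    msg["To"] = "user@example.invalid"      # placeholder recipient
    msg.set_content("Your Wire and ACH transactions have been temporarily suspended.\n")
    msg.add_alternative(
        "<html><body><p>Your Wire and ACH transactions have been temporarily "
        "suspended.</p><script>/* inert placeholder, does nothing */</script>"
        '<a href="javascript:void(0)">Open the attached document</a></body></html>',
        subtype="html",
    )
    return msg.as_bytes()


def find_active_content(raw: bytes) -> List[str]:
    """Return each active-content marker found in any text/html part, in order."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits: List[str] = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_content()
            hits.extend(m.group(0).strip().lower() for m in ACTIVE_CONTENT.finditer(html))
    return hits


def plain_text_view(raw: bytes) -> str:
    """What a client set to 'read as plain text' renders: the text/plain part only."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    return body.get_content() if body is not None else ""


if __name__ == "__main__":
    sample = build_sample()
    print("active content in HTML part:", find_active_content(sample))
    print("plain-text view:", plain_text_view(sample).strip())
```

A mail gateway can apply the same check to quarantine or tag messages whose HTML part carries script while leaving the plain-text alternative untouched.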

[Image: Email Malware]
