Email with Malicious HTML Attachments
Malware is often embedded in email as compressed attachments (such as .zip, .rar, etc.). Recently, however, Symantec has noticed an increase in malicious email attacks with .htm (HTML) attachments.
Here is what the message looks like in your inbox:
- Exploit browser and plugin vulnerabilities to run arbitrary code
- Display fake antivirus scans and other fraudulent information
- Hijack browsing sessions
- Redirect users to malicious websites
- Steal information
Here are some best practices to protect yourself from malicious email attacks:
- Be selective on which websites you share your email address with.
- Avoid clicking on suspicious links in email or instant messages (these may be links to spoofed websites). We suggest typing Web addresses directly into the browser rather than clicking on links in messages.
- Do not open spam messages.
- Do not reply to spam: typically the sender’s email address is forged, and replying may only result in more spam.
- Do not open unknown email attachments. These attachments could compromise your computer.
- Always be sure that your operating system is up-to-date with the latest updates and use a comprehensive security solution. For details on Symantec’s offerings, visit http://www.symantec.com.