Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Email with Malicious HTML Attachments

Created: 30 Jan 2012 20:08:01 GMT • Updated: 23 Jan 2014 18:17:39 GMT • Translations available: 日本語
Sammy Chu's picture
0 0 Votes
Login to vote

Malware is often embedded in email as compressed attachments (such as .zip, .rar, etc.). Recently, however, Symantec has noticed an increase in malicious email attacks with .htm (HTML) attachments.

Here is what the message looks like in your inbox:

The attack contains a .htm attachment and obfuscated JavaScript is embedded in the coding of the file. The purpose of the JavaScript is to redirect your internet browser to a malware-hosting site in Russia which contains Trojan.Pidief and Trojan.Swifi.

Malicious JavaScript, when injected into an HTML file, can:

  • Exploit browser and plugin vulnerabilities to run arbitrary code
  • Display fake antivirus scans and other fraudulent information
  • Download JavaScript, HTML, and other files
  • Hijack browsing sessions
  • Redirect users to malicious websites
  • Steal information

Here are some best practices to protect yourself from malicious email attacks:

  • Be selective on which websites you share your email address with.
  • Avoid clicking on suspicious links in email or instant messages (these may be links to spoofed websites). We suggest typing Web addresses directly into the browser rather than clicking on links in messages.
  • Do not open spam messages.
  • Do not reply to spam: typically the sender’s email address is forged, and replying may only result in more spam.
  • Do not open unknown email attachments. These attachments could compromise your computer.
  • Always be sure that your operating system is up-to-date with the latest updates and use a comprehensive security solution. For details on Symantec’s offerings, visit