Attackers have developed a new way to infect your PC through email — without forcing you to click on an attachment.
According to researchers at eleven, a German security firm, the new drive-by spam automatically downloads malware when an email is opened in the email client. The user doesn’t have to click on a link or open an attachment — just opening the email is enough.
The current wave of drive-by spam contains the subject “Banking security update” and has a sender address with the domain fdic.com. If the email client allows HTML emails to be displayed, the HTML code is immediately activated.
The user only sees the note “Loading…Please wait,” eleven says. In the meantime, the attempt is made to scan the PC and download malware.
Aside from updating their anti-spam and anti-malware tools, users can fight the new attack by deactivating the display of HTML e-mails in their email client, eleven advises. They can choose the option of displaying emails in pure-text format only.
MSE veterans won’t notice a lot of huge changes in this version, but certain interface elements have changed slightly—the icons along the top are gone, and certain wordings have changed a bit to make the program easier to use. The “Real-Time Protection” setting is now an all-or-nothing checkbox, and SpyNet has been renamed to the Microsoft Active Protection Service to make a bit clearer what it actually does. Microsoft has also baked in some performance improvements and better detection powers. Microsoft Security Essentials is a free download for Windows only. You can get the new version through Windows Update. -Via Lifehacker