Posted by Virus Bulletin on Feb 16, 2012
Cutwail botnet likely behind campaign that sends users to Phoenix exploit kit.
Researchers at M86 have reported a significant increase in the amount of spam sent with malicious HTML attachments, the volume of which on some days was 200 times that on the first day of the year.
HTML, the mark-up language used to create web pages, is commonly used in email to display various fonts and colours and to embed images. All modern email clients are capable of displaying HTML emails, though it is good practice for these to contain a text-part as well. A slight modification to the emails means the HTML-part is seen as an attachment that can be viewed in a web browser, rather than shown within the email client. It is this that is being used in a large spam campaign, of which M86 believes the Cutwail botnet is the perpetrator.
More at M86 here. The original story on the emails allegedly infecting users without the need to open an attachment is at eleven here, with comments from Sophos's Naked Security blog here.
Posted on 16 February 2012 by Virus Bulletin