21% of all HTML attachments scanned over past month were malicious: Report

New Delhi, Jul 3 (IANS): After analysing data on the millions of attachments, a team of researchers has found that 21 per cent of all HTML attachments scanned over the past month were malicious.

According to Barracuda researchers, malicious HTML attachments are being used for credential phishing.

"These attacks are difficult to detect because HTML attachments themselves are not malicious. Attackers do not include malware in the attachment but instead use multiple redirects with Javascript libraries hosted elsewhere," Parag Khurana, Country Manager, Barracuda Networks India, said in a statement.

"Potential protection against these attacks should take into account an entire email with HTML attachments, looking at all redirects and analysing the content of the email for malicious intent," Khurana added.

The malicious HTML attachments include a link to a phishing site, which, when opened, gets redirected to a third-party machine that requests the users to enter their credentials to access information or download a file that may contain malware.

HTML attachments are commonly used in email communication. These are particularly common in system-generated email reports that users might receive regularly. These messages include URL links to the actual report.

Attackers have been embedding HTML attachments in emails disguised as a weekly report, tricking users into clicking on phishing links.

These are successful techniques because hackers no longer need to include malicious links in an email, allowing them to easily bypass anti-spam and anti-virus policies.



Top Stories

Leave a Comment

Title: 21% of all HTML attachments scanned over past month were malicious: Report

You have 2000 characters left.


Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.