Users should avoid spam messages titled as “Banking security update” and in general be careful with all Spam email messages. A sophisticated HTML based attack has surfaced which uses a malicious JS agent. Plain text viewing of email messages may also improve user safety.
Getting infected just got a whole lot easier, researchers say
The current wave of drive-by spam contains the subject “Banking security update” and has a sender address with the domain fdic.com. If the email client allows HTML emails to be displayed, the HTML code is immediately activated. The user only sees the note “Loading…Please wait,” eleven says. In the meantime, the attempt is made to scan the PC and download malware.