Users should avoid spam messages titled as “Banking security update” and in general be careful with all Spam email messages. A sophisticated HTML based attack has surfaced which uses a malicious JS agent.  Plain text viewing of email messages may also improve user safety.

Getting infected just got a whole lot easier, researchers say

QUOTE:  According to researchers at eleven, a German security firm, the new drive-by spam automatically downloads malware when an email is opened in the email client. The user doesn’t have to click on a link or open an attachment — just opening the email is enough. “The new generation of email-borne malware consists of HTML e-mails which contain a JavaScript which automatically downloads malware when the email is opened,” eleven says in a news release.”This is similar to so-called drive-by downloads, which infect a PC by opening an infected website in the browser.”

The current wave of drive-by spam contains the subject “Banking security update” and has a sender address with the domain If the email client allows HTML emails to be displayed, the HTML code is immediately activated. The user only sees the note “Loading…Please wait,” eleven says. In the meantime, the attempt is made to scan the PC and download malware.