Researchers at a German security firm, eleven, observed the inflow of a new spam that automatically downloads malware on a system at the immediate instance of being opened via e-mail. This type of spam is so powerful that it does not even require the help of an attachment to be opened; just opening the e-mail is enough.
According to researchers, malware e-mails requires at least a click by the user to open a link or an attachment for undertaking a PC. However, the new generations of spam e-mails are coded with HTML or even the JavaScript, which automatically downloads malware on being opened. This kind of infection is quite similar to the so-called spam drive-by downloads that infects a PC by opening a compromised website in the browser. The drive-by spam eradicates the detour through attachments or links in the e-mail and thus, affects alert users from opening an unknown attachment or link.
This explicit e-mail is sent through the spoofed Federal Deposit Insurance Corporation (FDIC) address and informs the recipient about updating their banking security information. The subject line encrypts the title "Banking security update", with the address of the sender containing the domain name fdic.com.
...
