
Press Release

Avinti Security Alert Update: Malware Delivered Through .HTML Spam

Hackers Change Tactics in Spam Delivering Malware Through the Web

LINDON, Utah - (August 23, 2007) - Avinti, a developer of proactive e-mail security solutions, has issued a security alert update on the ongoing attack by hackers using e-mail to launch web-based malware attacks. This latest e-mail attack is part of a recent increase in spam-like greetings that encourage users to click on a link in the body of the e-mail to view an apparently legitimate site; the link instead leads to malicious code, or malware. The latest version of this blended threat e-mail comes under various subject lines announcing e-cards and greetings, offering ringtones, or asking to confirm online registrations. What the end user sees is an .htm attachment in the e-mail, which contains the body of previous e-mail messages and links to a malicious web site.

“A few companies that have had previous outbreaks have attempted to set up ad hoc filters to block these e-mails if they contained an IP address, a signature of the earlier attacks,” said Dave Green, Avinti’s CTO. “However, this new tactic encodes the e-mail so that the e-mail would be a garbled string of text to an application trying to read the email body. However, when that email arrives at the e-mail client, it is decoded as an .htm file that can be read by the end user and still clicked on to launch the attack.”
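The filtering gap described above can be shown with a short defensive check, added here as an illustration and not taken from Avinti or its product. It assumes the encoding is base64 Content-Transfer-Encoding on the .htm attachment (the release only says the e-mail is encoded); the message, the address 192.0.2.45 and the function names are constructed for the example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# URL whose host is a dotted-quad IP address, the signature of the earlier attacks.
IP_URL = re.compile(r"https?://(?:\d{1,3}\.){3}\d{1,3}\b", re.I)

# Constructed sample: a greeting e-mail with an .htm attachment.
# Attaching bytes makes the standard library base64-encode the part
# (assumed encoding; the press release does not name one).
_html = b'<html><body><a href="http://192.0.2.45/">View your e-card</a></body></html>'
_msg = EmailMessage()
_msg["From"] = "greetings@example.com"
_msg["To"] = "user@example.org"
_msg["Subject"] = "Greeting eCard"
_msg.set_content("You have received a greeting. Open the attachment to view it.")
_msg.add_attachment(_html, maintype="text", subtype="html", filename="card.htm")
RAW = _msg.as_string()


def naive_scan(raw):
    """Ad hoc filter: match IP-based URLs in the message text as received."""
    return IP_URL.findall(raw)


def decoded_scan(raw):
    """Decode every text part (body and attachments) before matching."""
    hits = []
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        # decode=True reverses the Content-Transfer-Encoding (base64, quoted-printable).
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        text = payload.decode(charset, errors="replace")
        name = part.get_filename() or "(body)"
        hits.extend((name, url) for url in IP_URL.findall(text))
    return hits


if __name__ == "__main__":
    print("raw scan:    ", naive_scan(RAW))    # the encoded part hides the URL
    print("decoded scan:", decoded_scan(RAW))  # the URL is found in card.htm
```
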

Avinti’s iSolation Server is designed to block blended threat attacks, including e-mail that uses URL links, IP addresses, or active content in the e-mail to launch web-based attacks. The iSolation Server with Blended Threat Protection™ was used to block both the original e-mails containing IP addresses and the new variant with .htm files attached.

Green noted that early evidence from companies indicates a high success rate for the attacks: “We spoke with one potential customer who noted a click through rate as high as 2% on these attacks over the last few months. That is a high success rate for a malware attack, which may be why we’ve seen so many attacks recently with many different variants.”

Blended threat attacks have risen as hackers have increasingly used the tactic to circumvent detection by traditional signature-based AV products. Several versions of e-mails have been used in the last few weeks, all carrying URL-based blended threats, under subject lines such as Animated Postcard, Greeting eCard, Neighbor Sent You a Greeting, and various registration confirmation subjects. The e-mails often include highlighted domains of reputable Web sites, including postcards.com, egreetings.com, netfuncards.com, hallmark.com, and 2000greetings.com. Other versions will certainly appear as hackers are quickly changing e-mail names, domain names, URLs, and IP addresses to avoid detection.

Avinti’s iSolation Server, a proactive e-mail security solution, stops stealthy, complicated threats such as this attack and other zero-day malware attacks, targeted threats, blended threats, and mass variants. Its patent-pending technology complements existing security solutions by detecting threats without having to rely on signatures. Avinti’s approach is unique because it safely observes actual behavior of potentially threatening messages, rather than relying on reactive signature-based approaches.

About Avinti

Avinti is a proactive e-mail security solutions company with a different approach to protecting enterprises from security threats. Avinti’s iSolation Server proactively and safely blocks threats not detected by traditional security solutions. Avinti has customers in a variety of industries, including financial services, health care, service providers and education. The company’s investors include Sequel Venture Partners, Symantec, and vSpring Capital.

# # #
