Email with Malicious HTML Attachments

Malware is often embedded in email as compressed attachments (such as .zip, .rar, etc.). Recently, however, Symantec has noticed an increase in malicious email attacks with .htm (HTML) attachments.

Here is what the message looks like in your inbox:

The attack contains a .htm attachment and obfuscated JavaScript is embedded in the coding of the file. The purpose of the JavaScript is to redirect your internet browser to a malware-hosting site in Russia which contains Trojan.Pidief and Trojan.Swifi.

Malicious JavaScript, when injected into an HTML file, can:

  • Exploit browser and plugin vulnerabilities to run arbitrary code
  • Display fake antivirus scans and other fraudulent information
  • Download JavaScript, HTML, and other files
  • Hijack browsing sessions
  • Redirect users to malicious websites
  • Steal information

Here are some best practices to protect yourself from malicious email attacks:

  • Be selective on which websites you share your email address with.
  • Avoid clicking on suspicious links in email or instant messages (these may be links to spoofed websites). We suggest typing Web addresses directly into the browser rather than clicking on links in messages.
  • Do not open spam messages.
  • Do not reply to spam: typically the sender’s email address is forged, and replying may only result in more spam.
  • Do not open unknown email attachments. These attachments could compromise your computer.
  • Always be sure that your operating system is up-to-date with the latest updates and use a comprehensive security solution. For details on Symantec’s offerings, visit