Driveby vius
The driveby spam virus Eleven Research Team

A new type of email-borne virus, which can infect PCs even if the user doesn't open an attachment, has hit the cyberspace.

The new virus, which experts have classified as particularly dangerous, automatically downloads malware into the PC when the user clicks open the email. The only message that the user will see is Loading... Please wait...

The Internet security options installed on the PCs won't be triggered as the mails themselves are not infected.

The disastrous potential of the email-borne virus to infect the PCs even if the users don't click open an attachment has baffled Web security experts.

The new generation virus, which has been dubbed driveby emails, has been identified by Web security experts Eleven Research Team.

The new generation of email-borne malware consists of HTML emails which contain a JavaScript which automatically downloads malware when the email is opened. This is similar to so-called driveby downloads which infect a PC by opening an infected Website in the browser. Driveby spam eliminates the detour via attachments or links in the e-mail and also affects cautious users which would never open an unknown attachment or link, the Eleven Research Team said in a statement.

The drive-by spam comes with the subject Banking security update and has a sender address with the domain fdic.com, a U.S.-based insurance company. If the email client allows HTML emails to be displayed the HTML code is immediately activated. The user only sees the note Loading...Please wait.... In the meantime, the attempt is made to scan the PC and download malware, the experts warned.

How to protect the PCs from the driveby spam

In order to protect the PCs from the malware, users need to make sure that their email account is protected against spam and malware and that all spam and malware filters are duly updated.

Displaying HTML emails in the users' email client should be deactivated and they need to go for the option of displaying emails in pure-text format only. That way, users can make sure that the HTML content is contained in an email attachment and the PC will be infected only if the attachment is opened.