Highlighting the sophistication of JavaScript obfuscation in spam email
Earlier today we noticed this rather unusual attack email in one of our catch-all email honeypots after making it through Gmail’s infamously strong “award winning spam and virus filtering”. For anyone wondering, this is the same honeypot from the last story, which continues to receive about 600,000 spam emails a month. This one stood out from a field of 300 other mails that made it to the inbox:
Dear Customer,
This e-mail was send by [domain].com to notify you that we have temporanly prevented access to your account.
We have reasons to beleive that your account may have been accessed by someone else. Please run attached file and Follow instructions.
(C) [domain].com
We had our own reasons to “beleive” otherwise. Attached was an HTML file appropriately named “open.html”. Opening it in Notepad revealed obfuscated JavaScript: