Use of malicious HTML email attachments increased significantly in the third quarter according to Internet security technology vendor CommTouch. In its Q3 2010 Internet Threats Trend Report (PDF), CommTouch examined the methodology within blended attacks, such as the "Here You Have" worm, which spread widely in September using Outlook contact lists from infected PCs. Both "Here You Have" and numerous fake LinkedIn invitations relied on a combination of social engineering and masked hyperlinks to lead users to websites with malware scripts.
"The increased use of HTML attachments shows how prominent the multi-stage attack vector has become," said Asaf Greiner, Commtouch vice president, products. "The blended nature of malicious activity further highlights the need for an integrated security offering that can block spam and malware emails, prevent users from visiting malicious Web sites and delete malware files and scripts."
Other highlights from the Q3 Trend Report include: