Press release:

Warning: Driveby Spam Infects PCs When E-Mail Is Opened

Comprehensive protection against spam and malware as well as disallowing HTML e-mails protects against new malware distribution method

Berlin, January 27, 2012 – The eleven Research Team has issued a warning about a new and particularly dangerous e-mail-borne method to infect PCs with viruses and Trojans. This driveby spam automatically downloads malware when the e-mail is opened in the e-mail client. Previous malware e-mails required the user to click on a link or open an attachment for the PC to be infected. The new generation of e-mail-borne malware consists of HTML e-mails which contain a JavaScript which automatically downloads malware when the e-mail is opened. This is similar to so-called driveby downloads which infect a PC by opening an infected Website in the browser. Driveby spam eliminates the detour via attachments or links in the e-mail and also affects cautious users which would never open an unknown attachment or link.

The current wave of driveby spam contains the subject „Banking security update“ and has a sender address with the domain, a US-based insurance company. If the e-mail client allows HTML e-mails to be displayed the HTML code is immediately activated. The user only sees the note „Loading…Please wait…“ (see image). In the meantime, the attempt is made to scan the PC and download malware.

In order to be protected against driveby spam, users can take the following measures:

  • Make sure that your e-mail account is comprehensively protected against spam and malware and that all spam and malware filters are updated.
  • De-activate displaying HTML e-mails in your e-mail client and choose the option of displaying e-mails in pure-text format only. In this case, the HTML content is contained in an e-mail attachment and the infection can only take place if the attachment is opened.


(72dpi, rgb)

eleven on Twitter:

eleven – E-mail security "Made in Germany"

eleven is a leading e-mail security provider based in Germany. Its eXpurgate technology, which is unique worldwide, offers a spam filter and e-mail categorization service that protects the user reliably from spam and phishing, detects potentially dangerous e-mail and can distinguish between individual messages and any kind of mass e-mail. eXpurgate also offers numerous virus protection options and a powerful e-mail firewall.

Over 45,000 companies of all sizes use eXpurgate to check and categorize more than a billion e-mail messages every day. Customers include Internet service providers and telecommunication carriers such as T-Online, O2, Vodafone and freenet as well as many well-known companies and public institutions, including Air Berlin, the Federal Association of German Banks, DATEV, the Free University of Berlin, Landesbank Berlin, Mazda, RTL, ThyssenKrupp and Tobit Software AG. For more information, visit our website at:

Company contact:

eleven GmbH
Sascha Krieger
Hardenbergplatz 2
10623 Berlin
Phone: +49 (0)30 / 52 00 56-0

Media contact:

consense communications gmbh
Stefanie Weigl
Nymphenburger Straße 86
80636 Munich
Phone: +49 (0)89 / 23 00 26-0

Go back