Infectious spam hijacks users who view the message. [IMG: J.Anderson]
According to eleven, this latest resurgence of an old attack method is similar to so-called drive by downloads, where users are infected by opening a malicious Website in the browser. Here, the “drive-by-spam” eliminates the need to place harmful attachments or links in the e-mail, which allowed the attackers the bonus of infecting cautious users, who would normally never open an unknown attachment or link.
Most layered security systems that include spam filtering will flag these malicious notices. Here at The Tech Herald, in addition to the protection offered by eleven, we can confirm that Norton, Kaspersky, BitDefender, and Cloudmark (part of VIPRE Internet Security 2012) are blocking them as well. We were unable to confirm other security suites at the time of writing.
In addition to layered protections, the old advice of reading email in plain text is also helpful. For those who may need tips on how to do this, see below:
Outlook 2010: File -> Options -> Trust Center -> Trust Center Settings -> Read all standard / signed mail in plain text
Outlook 2007: Tools -> Trust Center -> E-mail Security -> Read all standard / signed mail in plain text
Outlook 2003: Tools -> Options -> Preferences -> E-mail Options -> Message handling -> read all mail in plain text.
Thunderbird: View -> Message Body As -> Plain Text