14 DAY TRIAL // Spam campaigns, which generated emails with malicious HTML attachments, have been particularly aggressive during the past four months and they accounted for between two and eight percent of all spam.
According to data from security vendor Sophos, the most affected months were June and September, when the volume of spam with HTML attachment reached eight percent of the total junk mail traffic.
In comparison, the months of July, August and October have seen average distribution levels of 2% to 3%, which is still significant.
The majority of rogue HTML files served in this manner consist of phishing pages or contain JavaScript code that redirects users to malware pushing websites.
As far as phishing is concerned, attacks employing this technique have targeted the customers of organizations like PayPal or Banchi de Credito Cooperativo.
"Instead of setting up a bogus financial website, scammers insert the phishing contents directly into the HTML attachment," the Sophos researchers explain.
The JavaScript redirect method is much more common and the second half of September has seen waves of emails with random subjects, content and attachment names.
The September HTML documents directed users to scareware pages pushing fake antivirus software, while in June, the redirectors were associated with Facebook, FIFA World Cup and Skype related spam.
Even though the HTML attachments seem to be popular with spammers at the moment, a fact also confirmed in reports from other vendors, there is no reason to believe that the number of such attacks will actually increase.
"Although the HTML attachment spam campaigns has been spiking during the last 4 months, from the view of SophosLabs; the campaigns have been inconsistent in their distribution.
"SophosLabs has no reason to believe that this pattern is likely to change in the next few months," the Sophos researchers conclude.