Fake eBay “payment request” e-mails lead to malware

E-mails purporting to contain a payment request from eBay are hitting inboxes around the world:

The message contains no text – just an attached .html file. If the file is downloaded and opened, an embedded malicious JavaScript runs and redirects the victim’s web browser to a compromised webpage.

According to Sophos, two things happen after that:

1. The victim’s browser is redirected again and opens up a spam-site (Canadian Pharmacy or similar)
2. Simultaneously, a malicious iFrame downloads all sorts of malware from other websites where it’s hosted.

The redirection to the spam-site is just a trick to camouflage the real goal of this spam campaign: getting your computer infected. This attack is a combination of two techniques (1, 2)that have lately been prominently featured in the online criminals’ repertoire.