Today's Outbreak: .HTA inside ZIP files. .HTA is executable code

.HTA files should be blocked for all incoming mail. An .HTA file runs just like a Windows EXE file, and the malware is exploiting this little-known extension. Block it before it enters your email system.

Here are just the last few hours. Notice they are spoofing our domain, which I allow so that I can see their techniques:

Here is what we found:

SpamSentinel has identified the following restricted attachments:

* Image95.zip [archive contained 727763717403.hta]
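A mail filter can make the same kind of finding by listing the members of each ZIP attachment and rejecting any whose name ends in `.hta`. The sketch below is an added example, not SpamSentinel's code; the function names, the nesting limit and the size cap are assumptions, and the sample archives are constructed in memory.

```python
import io
import zipfile

# Extensions to reject; the post names .hta. Extend per local policy.
BLOCKED_EXTENSIONS = (".hta",)
MAX_DEPTH = 3                        # assumed limit on nested archives
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed cap before reading a nested ZIP


def blocked_members(data, prefix="", depth=0):
    """Return paths of blocked members; uninspectable items are listed too."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [prefix + "<unreadable archive>"]  # fail closed
    with archive:
        for info in archive.infolist():
            # Normalise case and the trailing dots/spaces Windows drops on save.
            name = info.filename.lower().rstrip(". ")
            path = prefix + info.filename
            if name.endswith(BLOCKED_EXTENSIONS):
                hits.append(path)
            elif name.endswith(".zip"):
                if depth + 1 >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                    hits.append(path + " <not inspected>")
                    continue
                try:
                    inner = archive.read(info)
                except (RuntimeError, zipfile.BadZipFile, NotImplementedError):
                    hits.append(path + " <not inspected>")  # e.g. encrypted
                    continue
                hits.extend(blocked_members(inner, path + "!", depth + 1))
    return hits


def make_zip(members):
    """Build an in-memory ZIP from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()


# Constructed samples; the first mirrors the Image95.zip report above.
SAMPLE = make_zip({"727763717403.hta": b"<html></html>"})
NESTED = make_zip({"readme.txt": b"hi", "inner.zip": make_zip({"Doc.HTA ": b"x"})})
CLEAN = make_zip({"photo.jpg": b"\xff\xd8"})
```

A non-empty result means the message should be quarantined; entries marked `<not inspected>` or `<unreadable archive>` are returned so that archives the filter cannot open are not passed through by default.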

Here is what Wikipedia says about .HTA:


"An HTA is treated like any executable file with extension .exe.

When a regular HTML file is executed, the execution is confined to the security model of the web browser, that is, it is confined to communicating with the server, manipulating the page's object model (usually to validate forms and/or create interesting visual effects) and reading or writing...

