One-click fraud campaign targets IE users in Japan and China

Researchers with Symantec have identified a one-click fraud campaign targeting Internet Explorer users in both Japan and China.

The attack involves getting a user to download and run an HTML Application (HTA) file, which Symantec researchers observed occurring on porn video websites, according to a Thursday post.

Upon running the HTA file, a non-terminating pop-up window appears and will reappear if the computer is restarted. It asks users to pay to join an adult website and states that the window will go away if a payment is made.

“This attack only affects Internet Explorer users as HTA files need the mshta.exe engine to execute code, which is available only in Internet Explorer,” the post stated, adding that “infected users can delete the registry entry and any files dropped by the script to remove the pop-up window.”
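The remediation quoted above starts with finding the registry entry that relaunches the pop-up. The following read-only PowerShell audit is an added example, not code from Symantec's post or this article: it lists autorun values that invoke mshta.exe or an .hta file. The Run/RunOnce key paths and the function name `Find-HtaAutorun` are assumptions, since the post does not name the key the script writes.

```powershell
# Read-only audit: report autorun registry values that launch mshta.exe or an .hta file.
# Assumption: the persistence entry sits under a standard Run/RunOnce key. The source
# post does not name the key, so these are the usual places to check first.
$autorunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Find-HtaAutorun {
    # Hypothetical helper name, introduced for this example.
    param([string[]]$KeyPath)

    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path

        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)

            # Flag values that call the HTA host or reference an .hta file directly.
            if ($command -notmatch 'mshta(\.exe)?\b|\.hta\b') { continue }

            # Pull out the .hta path, if one is present, so the dropped file can be located.
            $htaPath = $null
            $exists  = $false
            if ($command -match '([A-Za-z]:\\[^"<>|]+?\.hta)\b') {
                $htaPath = $Matches[1]
                $exists  = Test-Path -LiteralPath $htaPath
            }

            [pscustomobject]@{
                Key        = $path
                ValueName  = $name
                Command    = $command
                HtaFile    = $htaPath
                FileExists = $exists
            }
        }
    }
}

# Nothing is modified; review each hit before deleting the value or the file.
Find-HtaAutorun -KeyPath $autorunKeys | Format-List
```

Legitimate software occasionally registers mshta.exe in these keys, so each hit should be reviewed before the value and the referenced file are removed.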
