Spammers have suddenly cranked up the use of malicious html file attachments in recent days, according to security company Barracuda Networks.
One in particular, a standard advert for fake antivirus software, installs a back door - even if the browser is closed so by the time the html file has been clicked it is already too late.
Spam built around html is nothing new, but does seem to have become a hot technique in the last year or so with some spammers. A popular variant is the bogus 'Delivery Status Notification Failure', a sneaky way to get the attention of a user without arousing suspicion.
"So yes, a seemingly innocent HTML email attachment can do plenty of damage, and while quite stealthy, definitely not harmless," concludes Barracuda Labs' researcher, Dave Michmerhuizen.
Since attachment attacks became a favourite tactic, spammers have tried almost every common format in existence, sometimes moving to obscure ones in an attempt to get around spam filters.