Kaspersky's top 4 dangerous file attachments: archives, Microsoft Office documents, PDF files and IMG disk images


According to a study by cybersecurity solutions provider Kaspersky, spammers send billions of messages every single day. It is mostly trite advertising — annoying, but generally harmless. But every once in a while, there is a malicious file attached to one of the messages.

2019-06-02 21:56:24

To provoke the recipient into opening a dangerous file, it is usually masked as something interesting, useful, or important: a work document, a great offer, a gift card bearing the logo of a well-known company, and so on.

Malware distributors have their own "pet" formats. In this post we explore this year's top malware-hiding files.

1. ZIP and RAR archives

Cybercriminals love to conceal malware in archives. For example, ZIP files teasingly titled Love_You0891 (the number varied) were used by attackers to distribute GandCrab ransomware on the eve of St. Valentine's Day. Other scammers were sighted a couple of weeks later sending archives with the Qbot Trojan, which specializes in stealing data.

This year also saw the discovery of an interesting WinRAR feature. When creating an archive, it turns out, one can set up rules to unpack the contents into the system folder. In particular, contents can go into the Windows startup folder, causing them to start at the next reboot. Therefore, we recommend that WinRAR users update it immediately to fix this.

2. Microsoft Office documents

Microsoft Office files, especially Word documents (DOC, DOCX), Excel spreadsheets (XLS, XLSX, XLSM), presentations, and templates, are also popular with cybercriminals. These files can contain embedded macros — small programs that run inside the file. Cybercriminals use macros as scripts for downloading malware.

Most often, these attachments target office workers. They are disguised as contracts, bills, tax notifications, and urgent messages from senior management. For example, a banking Trojan that goes by the name Ursnif was foisted on Italian users under the guise of a payment notice. If the victim opened the file and agreed to enable macros (disabled by default for security reasons), a Trojan was downloaded onto the computer.

3. PDF files

Many people know about the dangers of macros in Microsoft Office documents, but they are often less aware of booby traps in PDF files. Nevertheless, PDFs can conceal malware. The format can be used to create and run JavaScript files.

What's more, cybercriminals are fond of hiding phishing links in PDF documents. For example, in one spam campaign, fraudsters encouraged users to go to a "secure" page where they were asked to sign into their American Express account. Needless to say, their credentials were immediately forwarded to the scammers.

4. ISO and IMG disk images

In comparison with the previous types of attachments, ISO and IMG files are not used very often. Cybercriminals have been paying increasing attention to them of late, however. Such files — disk images — are basically a virtual copy of a CD, DVD, or other disk.

Attackers have used disk images to deliver malware such as the Agent Tesla Trojan, which specializes in stealing credentials, to victims' computers. Inside the image was a malicious executable file that, when mounted, activated and installed spyware on the device. Curiously, in some cases, the cybercriminals used two attachments (an ISO and a DOC) together, apparently as a fail-safe.

Here are Kaspersky's recommendations on how to handle potentially dangerous attachments:

Consigning all messages with an attached archive or DOCX/PDF file to the spam folder would be overkill. Instead, to outfox scammers, remember a few simple rules:

1. Do not open suspicious e-mails from unknown addresses. If you don't know why a particular message with a particular subject line landed in your inbox, most likely you don't need it.
If your work involves dealing with correspondence from strangers, carefully check the sender's address and the name of the attachment. If something seems odd, don't open it.
2. Do not allow macros to run in documents that arrive by e-mail unless you're certain that you have to.
3. Treat all links inside files with caution. If you don't see why you are being asked to follow a link, just ignore it. If you believe that you do need to follow a link, manually enter the address of the relevant website in your browser.
4. Use a reliable security solution that will notify you about dangerous files and block them, and also will issue a warning if you attempt to go to a suspicious site.
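
For mail administrators, the four attachment types above can be pre-screened by content rather than by file name. The following Python sketch is an added example, not code from Kaspersky or from this article; the function names, marker lists and sample files are assumptions constructed for illustration, and the archive path check is applied to ZIP entry names because the standard library cannot read RAR.

```python
import io
import re
import zipfile

EXEC_EXT = (".exe", ".scr", ".js", ".vbs", ".lnk", ".bat", ".cmd")
PDF_ACTIVE = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy DOC/XLS container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")   # macro stream name in OLE files

def triage(data: bytes) -> list[str]:
    """Return heuristic findings for one attachment (empty list != proven clean)."""
    out = []
    if data[:4] == b"PK\x03\x04":                  # ZIP, including DOCX/XLSM
        for name in zipfile.ZipFile(io.BytesIO(data)).namelist():
            norm = name.replace("\\", "/").lower()
            if norm.startswith("/") or "../" in norm or re.match(r"[a-z]:", norm):
                out.append(f"zip: entry path escapes the extraction folder: {name}")
            if "/startup/" in norm:
                out.append(f"zip: entry targets a Startup folder: {name}")
            if norm.endswith("vbaproject.bin"):
                out.append("office: document contains a VBA macro project")
            elif norm.endswith(EXEC_EXT):
                out.append(f"zip: executable or script inside: {name}")
    elif data[:6] == b"Rar!\x1a\x07":              # RAR 4 and RAR 5 share this prefix
        out.append("rar: archive; list contents with a patched unpacker first")
    elif data[:8] == OLE_MAGIC and VBA_STREAM in data:
        out.append("office: document contains a VBA macro project")
    elif b"%PDF-" in data[:1024]:
        out += [f"pdf: active-content key {k.decode()}" for k in PDF_ACTIVE if k in data]
        out += [f"pdf: link to {u.decode('latin-1')}" for u in re.findall(rb"/URI\s*\(([^)]*)\)", data)]
    elif data[32769:32774] == b"CD001":            # ISO 9660 volume descriptor
        out.append("iso: disk image; contents become reachable once mounted")
    return out

def make_zip(*names: str) -> bytes:               # builds a constructed sample in memory
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {  # constructed inputs, no real malware
        "Love_You.zip": make_zip("../Start Menu/Programs/Startup/card.exe"),
        "notice.docm": make_zip("[Content_Types].xml", "word/vbaProject.bin"),
        "statement.pdf": b"%PDF-1.4\n<</OpenAction 2 0 R>>\n/URI (http://example.test/login)",
        "scan.iso": bytes(32769) + b"CD001",
    }
    for label, blob in samples.items():
        print(label, triage(blob))
```

The PDF check is a plain byte search, so keys hidden by hex-escaped names or compressed object streams will not be reported; treat a hit as a reason to route the file to a sandbox, not as a verdict.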

