
Kaspersky's top 4 dangerous file attachments point to archives, Microsoft Office documents, PDF files and IMG disk images


According to a study by cyber security solutions provider Kaspersky, spammers send billions of messages every single day. It is mostly trite advertising — annoying, but generally harmless. But every once in a while, there is a malicious file attached to one of the messages.

2019-06-02 21:56:24

To provoke the recipient into opening a dangerous file, it is usually masked as something interesting, useful, or important: a work document, a great offer, a gift card bearing the logo of a well-known company, and so on.

Malware distributors have their own "pet" formats. In this post we explore this year's top malware-hiding files.

1. ZIP and RAR archives

Cybercriminals love to conceal malware in archives. For example, ZIP files teasingly titled Love_You0891 (the number varied) were used by attackers to distribute GandCrab ransomware on the eve of St. Valentine's Day. Other scammers were sighted a couple of weeks later sending archives with the Qbot Trojan, which specializes in stealing data.

This year also saw the discovery of an interesting WinRAR feature. When creating an archive, it turns out, one can set up rules to unpack the contents into the system folder. In particular, contents can go into the Windows startup folder, causing them to start at the next reboot. Therefore, we recommend that WinRAR users update it immediately to fix this.

2. Microsoft Office documents

Microsoft Office files, especially Word documents (DOC, DOCX), Excel spreadsheets (XLS, XLSX, XLSM), presentations, and templates, are also popular with cybercriminals. These files can contain embedded macros — small programs that run inside the file. Cybercriminals use macros as scripts for downloading malware.

Most often, these attachments target office workers. They are disguised as contracts, bills, tax notifications, and urgent messages from senior management. For example, a banking Trojan that goes by the name Ursnif was foisted on Italian users under the guise of a payment notice. If the victim opened the file and agreed to enable macros (disabled by default for security reasons), a Trojan was downloaded onto the computer.

3. PDF files

Many people know about the dangers of macros in Microsoft Office documents, but they are often less aware of booby traps in PDF files. Nevertheless, PDFs can conceal malware. The format can be used to create and run JavaScript files.

What's more, cybercriminals are fond of hiding phishing links in PDF documents. For example, in one spam campaign, fraudsters encouraged users to go to a "secure" page where they were asked to sign into their American Express account. Needless to say, their credentials were immediately forwarded to the scammers.

4. ISO and IMG disk images

In comparison with the previous types of attachments, ISO and IMG files are not used very often. Cybercriminals have been paying increasing attention to them of late, however. Such files — disk images — are basically a virtual copy of a CD, DVD, or other disk.

Attackers used a disk image to deliver to victims' computers malware such as the Agent Tesla Trojan, which specializes in stealing credentials. Inside the image was a malicious executable file that, when mounted, activated and installed spyware on the device. Curiously, in some cases, the cybercriminals used two attachments (an ISO and a DOC) together, apparently as a fail-safe.
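
A content-based triage of the four attachment types above, as an added example that is not from Kaspersky or the original article: it flags archive entries whose paths escape the extraction folder, macro parts in Office files, active-content names in PDFs, and ISO 9660 images. The function names, finding labels and sample inputs are constructed for illustration; the path check is applied to ZIP entries, and RAR and raw IMG files are not parsed here.

```python
import io
import re
import zipfile

# PDF name objects that run script or fire actions when the file opens.
PDF_ACTIVE = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy DOC/XLS container

def zip_findings(data):
    """Check a ZIP container for escaping entry paths and VBA macro parts."""
    findings = []
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return ["zip-malformed"]
    for name in names:
        norm = name.replace("\\", "/")
        # Absolute paths, drive letters or ".." segments let an entry leave
        # the extraction directory (for example into a startup folder).
        if (norm.startswith("/") or re.match(r"[A-Za-z]:", norm)
                or ".." in norm.split("/")):
            findings.append("archive-path-escape:" + name)
        # DOCX/XLSM/PPTM are ZIPs; VBA macros are stored in vbaProject.bin.
        if norm.lower().endswith("vbaproject.bin"):
            findings.append("office-vba-macro")
    return findings

def triage(data):
    """Classify attachment bytes by content, ignoring the claimed file name."""
    if data[:4] == b"PK\x03\x04":
        return zip_findings(data)
    if data[:5] == b"%PDF-":
        # Plain-text scan only: names hidden in compressed object streams or
        # written with #xx escapes need a real PDF parser.
        return ["pdf-active-content:" + key.decode() for key in PDF_ACTIVE
                if re.search(re.escape(key) + rb"\b", data)]
    if data[0x8001:0x8006] == b"CD001":  # ISO 9660 volume descriptor
        return ["disk-image-iso9660"]
    if data[:8] == OLE2_MAGIC:
        return ["office-ole2-needs-macro-scan"]
    return []

def build_zip(names):
    """Constructed sample input: a ZIP whose entries carry the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"sample")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_zip(["../../Startup/update.txt", "word/vbaProject.bin"])))
```

A mail gateway or analyst script would call `triage()` on the raw attachment bytes and quarantine or escalate on any non-empty result.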

Here are Kaspersky's recommendations on how to handle potentially dangerous attachments:

Consigning all messages with an attached archive or DOCX/PDF file to the spam folder would be overkill. Instead, to outfox scammers, remember a few simple rules:

1. Do not open suspicious e-mails from unknown addresses. If you don't know why a particular message with a particular subject line landed in your inbox, most likely you don't need it.
If your work involves dealing with correspondence from strangers, carefully check the sender's address and the name of the attachment. If something seems odd, don't open it.
2. Do not allow macros to run in documents that arrive by e-mail unless you're certain that you have to.
3. Treat all links inside files with caution. If you don't see why you are being asked to follow a link, just ignore it. If you believe that you do need to follow a link, manually enter the address of the relevant website in your browser.
4. Use a reliable security solution that will notify you about dangerous files and block them, and also will issue a warning if you attempt to go to a suspicious site.

