• Multiple malware versions via malspam emails

    #320480

    Multiple malware versions via malspam emails

    By Derek Knight | February 4th, 2019

     
    The start to another week with several different malspam emails arriving overnight to start off Monday Morning with a bang. They are all typical subjects & email content and all deliver various well known malware, using a variety of exotic compressed (zip) files, many of which don’t natively extract on Windows without special tools.

    Be very careful with email attachments. All of these emails use social engineering tricks to persuade you to open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day.

    The basic rule is NEVER open any attachment to an email, unless you are expecting it. Now that is very easy to say but quite hard to put into practice, because we all get emails with files attached to them. Our friends and family love to send us pictures of them doing silly things, or even cute pictures of the children or pets.

    They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

     
    Read the full article here

    EDIT: Sept 21, 2020
    myonlinesecurity.co.uk is no longer available – here is the link to the WayBack Archive copy of the linked page.

    6 users thanked author for this post.
    • #320484

      Thank you Kirsty, a good heads up and reminder to be careful with all emails nowadays. The article says “The basic rule is NEVER open any attachment to an email, unless you are expecting it.” and also lists some attachment extensions to never open before scanning with antivirus/anti-malware scans: “If you see JS or .EXE or .COM or .PIF or .SCR or .HTA .vbs, .wsf, .jse .jar at the end of the file name DO NOT click on it or try to open it, it will infect you.”
      Their link to the “How to Protect yourselves” page is well worth visiting and reviewing:

      https://myonlinesecurity.co.uk/how-to-protect-yourself-and-tighten-security/

      And for all the lovelorn, beware of love emails as per Bleeping Computer:

      https://www.bleepingcomputer.com/news/security/love-letter-malspam-serves-cocktail-of-malware-heavily-targets-japan/

      Keep up the good work Kirsty, really appreciate your insights.

      2 users thanked author for this post.
      • #320538

        For the .JS, .PIF, .SCR, .HTA, .vbs, .wsf, .jse or .jar extensions, you can test ScriptDefender to see if it successfully intercepts them on your Windows version(s).

        2 users thanked author for this post.
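
Added example (not part of any post in this thread, and not code from the article): a mail-gateway style check that applies the extension list quoted above to a message's attachments and to the member names inside zip attachments, without extracting anything. The function names, the sample message and the choice to hold archives that cannot be parsed are assumptions of this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the thread quotes as "DO NOT click"; ".zip" handling is this example's assumption.
RISKY = {".js", ".exe", ".com", ".pif", ".scr", ".hta", ".vbs", ".wsf", ".jse", ".jar"}

def ext(name):
    """Final extension, lower-cased; trailing dots/spaces are ignored (Windows drops them)."""
    name = name.rstrip(". ")
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""

def findings(raw_eml):
    """Return (attachment, reason) pairs for attachments to hold back."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    out = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if ext(name) in RISKY:
            out.append((name, "risky extension"))
        elif ext(name) == ".zip":
            try:  # member names only; nothing is extracted or executed
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    out += [(name, "contains " + m) for m in zf.namelist() if ext(m) in RISKY]
            except zipfile.BadZipFile:
                out.append((name, "archive could not be inspected"))
    return out

def build_sample():
    """Constructed test message: one benign image, two archives, one screensaver."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.js", "// constructed placeholder, not real code")
        zf.writestr("readme.txt", "constructed")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(b"\xff\xd8\xff", maintype="image", subtype="jpeg", filename="holiday.jpg")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"not a zip archive", maintype="application", subtype="zip", filename="scan.zip")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="picture of me.scr")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in findings(build_sample()):
        print(f"{name}: {reason}")
```

The check looks only at the last extension, so a double-extension name such as `invoice.pdf.js` is still caught, and an archive the parser cannot read is held rather than passed through.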
    • #320528


      Kirsty,

      Thanks for the great article. MY rule for e-mail is that if it is NOT on my “WHITE LIST”, it goes into the “Spam” file, which I clear out daily WITHOUT opening any of them. (I usually get anywhere from 15 to 50 of these every day.) It is a bit of a hassle, BUT, I feel that it is lowering the chance of being infected at least a little bit.

      Keep up the good work giving us tips and help.

      Dave

      1 user thanked author for this post.
    • #320532

      Easy for you to say… I just can’t go with the “never open” when the end users ask me to determine if some file is for real or not. And the same goes with business mailboxes where attachments are expected anyway.

      But yeah, some of the malware is quite tricky.

      (Whoever had the “bright” idea that confidential email could be exchanged by using a web sign-in at some random-looking address instead of proper PGP or even S/MIME? Sheesh… and Microsoft’s version nicely sends the one-time sign-in code back to the same mailbox, too.)

      • #320946

        Where businesses must access attachments from unknown senders, their due diligence would include scanning saved attachments with their AV product, and opening the attachment within a sandbox environment. Some even only use a Virtual Machine to open attachments, to protect their production computing environment.

        Their big problem is training all their staff, or setting their machines/software, to not open attachments directly from their email solutions. It’s back to the social engineering aspect of the problem – it’s just too easy to click on Open, without thinking about it first. Especially if you don’t fully comprehend the problem.

        2 users thanked author for this post.
        • #321422

          Where businesses must access attachments from unknown senders, their due diligence would include scanning saved attachments with their AV product, and opening the attachment within a sandbox environment.

          Unfortunately business is run by people and they are lazy / uneducated / uncaring, so due diligence is rarely performed. 🙁

          cheers, Paul

        • #321430

          Well, yeah.

          In one of my former workplaces, I *didn’t* have the task of checking suspicious attachments… there we had a full virtualized sandbox desktop complete with autoscan and very tight security, for interacting with untrusted attachments.

          Just a “bit” more expensive altogether than small businesses are usually willing to pay for, though…

          1 user thanked author for this post.