Friday, May 1, 2015

ACT Security News For The Week of May 1st, 2015


Beware of Word, Excel and Zip attachments from strangers


As malware writers get more clever, file types that were historically considered harmless are being loaded with scripts and macros that deliver dangerous payloads through old standbys like Word and Excel files.  Embedding the payload inside a document is a way of hiding it from anti-virus programs.  The same is true of ZIP files: attackers like to wrap malware in .ZIP archives (often nested one inside another, or password-protected) because many anti-virus products inspect archive contents poorly or not at all.
Open a "loaded" .DOC, .XLS or .ZIP file and out pops a rogue program!

How do you get infected by document-based malware?
It can happen in a number of ways.  The most obvious and avoidable way is when a questionable document is attached to a questionable email.  A spam or phishing email with a subject line like "Here's that document that you requested" is easy to spot (though a surprising number of malware attacks still succeed through what should be obviously risky email messages).

What about documents on a website?  These may seem safe to download, but hackers are very adept at burying malicious files on otherwise legitimate web sites, and those are hard for people to avoid.  What if the document is attached to an email from someone you know, and it really is "that document that you asked for"?  Some document-based malware can spread to other documents on an infected system.  Once that has happened, any legitimate document the user sends to friends and colleagues could carry the malware along with it.

Sometimes this type of malware uses embedded scripting to silently download and install other malware from sites on the Internet.  Those downloaded payloads are often among the worst kinds of malware out there: rootkits that steal information from your system, or bots that enlist your system into the networks used to attack companies and to keep spreading malware and spam.


Other types of document-based malware hide the malicious payload within the document itself.  The macros or scripts in the document extract and launch these embedded executables separately, and those programs then spread the infection throughout the user's system.
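The two hiding places described above, macros inside an Office document and payloads tucked into a ZIP, can be checked for before anyone double-clicks the attachment.  The script below is an added example written for this post, not code from the original article or from any product it mentions.  It applies a few surface heuristics to an attachment held in memory: an Office Open XML file (.docx/.xlsm and friends are themselves ZIPs) is flagged if it carries a vbaProject.bin macro part or embedded objects, a legacy binary .doc/.xls is flagged as needing a real OLE parser (oletools' olevba, for instance), and plain archives are walked for executables hiding behind double extensions, encrypted entries, and nested containers.  All sample files are constructed inline and contain no real malware; only their structure matters.

```python
import io
import zipfile

# Extensions that should never arrive as a "document". Double extensions such as
# Invoice.pdf.exe still end in one of these, so endswith() catches them too.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                       ".jse", ".vbs", ".vbe", ".wsf", ".ps1", ".jar", ".hta")
ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z", ".cab", ".gz")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"
MAX_DEPTH = 3   # stop descending into archives-within-archives past this point


def inspect_attachment(name, data, depth=0):
    """Return a list of (code, detail) findings for one attachment.

    These are triage heuristics, not a malware verdict: an empty list means
    "nothing suspicious on the surface", never "safe".
    """
    findings = []
    if name.lower().endswith(EXECUTABLE_SUFFIXES):
        findings.append(("executable", name))

    if data.startswith(OLE_MAGIC):
        # Binary Office formats keep macros in OLE streams; deciding whether any
        # are present needs an OLE parser, so only flag the format here.
        findings.append(("legacy-office-binary", name))
        return findings
    if not data.startswith(ZIP_MAGIC):
        return findings

    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings.append(("corrupt-zip", name))
        return findings

    with zf:
        entries = zf.infolist()
        names = [e.filename for e in entries]
        if "[Content_Types].xml" in names:
            # Office Open XML: macros live in a vbaProject.bin part no matter
            # which extension the sender chose for the outer file.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                findings.append(("vba-macro", name))
            if any("/embeddings/" in n.lower() for n in names):
                findings.append(("embedded-object", name))
            return findings

        for entry in entries:
            inner = f"{name}/{entry.filename}"
            if entry.flag_bits & 0x1:
                # Encrypted entry: no scanner can look inside without the password.
                findings.append(("encrypted-entry", inner))
                continue
            if entry.filename.endswith("/"):
                continue
            content = zf.read(entry)
            is_container = (content.startswith(ZIP_MAGIC) or content.startswith(OLE_MAGIC)
                            or entry.filename.lower().endswith(ARCHIVE_SUFFIXES))
            if is_container:
                if depth >= MAX_DEPTH:
                    findings.append(("nesting-too-deep", inner))
                else:
                    findings.append(("nested-container", inner))
                    findings.extend(inspect_attachment(inner, content, depth + 1))
            elif entry.filename.lower().endswith(EXECUTABLE_SUFFIXES):
                findings.append(("executable", inner))
    return findings


def _zip_bytes(members):
    """Build an in-memory zip from {name: bytes}; used only for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()


# Constructed samples (not real malware): only the file structure is meaningful.
BENIGN_DOCX = _zip_bytes({"[Content_Types].xml": b"<Types/>",
                          "word/document.xml": b"<w:document/>"})
MACRO_DOCM = _zip_bytes({"[Content_Types].xml": b"<Types/>",
                         "word/document.xml": b"<w:document/>",
                         "word/vbaProject.bin": b"\x00" * 64})
LEGACY_DOC = OLE_MAGIC + b"\x00" * 504
LOADED_ZIP = _zip_bytes({"Invoice_May2015.pdf.exe": b"MZ" + b"\x00" * 32,
                         "docs/readme.txt": b"please review",
                         "docs/inner.zip": _zip_bytes({"update.scr": b"MZ" + b"\x00" * 32}),
                         "docs/old_report.doc": LEGACY_DOC})
DEEP_ZIP = _zip_bytes({"x.exe": b"MZ"})
for _ in range(MAX_DEPTH + 1):           # wrap it one layer deeper than we will follow
    DEEP_ZIP = _zip_bytes({"layer.zip": DEEP_ZIP})


def triage(attachments):
    """Map {filename: bytes} to {filename: [finding codes]} for a mailbox-style sweep."""
    return {n: [code for code, _ in inspect_attachment(n, d)] for n, d in attachments.items()}


if __name__ == "__main__":
    for fname, codes in triage({"quarterly.docx": BENIGN_DOCX, "quarterly.docm": MACRO_DOCM,
                                "old_report.doc": LEGACY_DOC, "Invoice_May2015.zip": LOADED_ZIP,
                                "deep.zip": DEEP_ZIP}).items():
        print(fname, "->", codes or "no findings")
```

The recursion is what makes the nested-ZIP trick visible: the executable inside docs/inner.zip is reported just like one at the top level, and the legacy .doc buried in the archive is surfaced for a proper macro check.  The depth limit keeps a "zip bomb" of archives-within-archives from tying the script up, and an encrypted entry is reported rather than silently skipped, since an archive a scanner cannot open is exactly the kind the post warns about.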


Document-based malware can also be used to steal identities or even to prevent access to files and data.  A recently discovered PDF-based attack was used as a form of "ransomware", encrypting a user's files and displaying a message demanding payment before the user could access their files again.


How Can You Prevent Infection?


First and foremost is simply being aware of the threat and exercising caution with incoming documents.


Then, make sure all of your software is up to date, from your operating system to your document programs to your anti-virus and security tools.  Many of the most common document-based malware types rely on un-patched security holes in exactly those programs, and patching closes them off.


Dedicated security tools, or the anti-malware features of an IDS or firewall, can also go a long way toward stopping document malware before it reaches your system, and off-premises spam scrubbers can often detect and stop infected documents before they even reach your network.


Finally, both Word (File > Options > Trust Center > Macro Settings) and Adobe Reader (Edit > Preferences > JavaScript) let you turn off macros and scripts entirely, or require a notification and your explicit consent before they can run.  While not a perfect solution, since a user can still click through the warning, this prevents many potential problems.



The "We need your help for Nepal" Scam

There has been a big up-tick in fraudulent spam solicitations since the earthquake.

It is best to ignore these solicitations and instead make your contributions through established organizations like the Red Cross, going to their sites directly rather than through a link in an email.
Using E-mail Encryption


A friend of ours recently shared an experience that one of his attorney colleagues had with unencrypted email.  The attorney was working with a title company on a home purchase for a client.  As closing approached, the title company sent him an email with an unencrypted attachment containing instructions on how to transfer funds to settle the transaction.  Before the attorney could complete the transfer, he received a follow-up email that looked like it also came from the same person at the title company, with a revised attachment changing the destination account number for the funds transfer.  Yup, you guessed it!  The second email was a fake, but they didn't discover that until they arrived at the closing and were informed by the title company that the funds had never arrived.

The rest of the story takes on a more familiar theme.  The redirected funds were deposited into a bank account owned by a little old lady who had fallen victim to the familiar Nigerian Prince scam: she was offered a "handling commission" if she would take delivery of the funds in her new account, keep a portion of the total and then transfer the balance to an off-shore bank account.

The authorities had no trouble tracing the fraudulent transfer to the little old lady, but not to the real bad guys.  Guess who's on the hook for the fraud?

Is there a moral to this story?  Yes: all communication containing confidential information should be encrypted, both emails AND attachments.  There are quite a number of very inexpensive (or even FREE) options available to protect confidential information as it moves across the Internet.  Encryption has to go hand in hand with authentication, though; the attacker here impersonated the sender, so messages should also be signed so the recipient can verify who they really came from, and any change to wire instructions should be confirmed by phone, on a number already known to be the title company's, before a dollar moves.  There is plenty of blame to go around on this one.

Thanks,  Jeff
