Researchers with AppRiver have observed attackers sending out phishing emails with SVG files attached – these files, when downloaded and executed, open up websites that download what appears to be CryptoWall ransomware.
AppRiver observed thousands of phishing emails – one was sent from a Yahoo address and claimed to include a resume – being sent to small stores, law offices, IT businesses, schools and more, Jon French, security analyst with AppRiver, told SCMagazine.com in a Thursday email correspondence.
In order for an infection to occur, user interaction is required more than once, French indicated. First, a user must download the ZIP attachment in the phishing email, which contains the SVG file. When the user opens the SVG file, a small JavaScript entry will cause their browser to open to a website that leads to another ZIP file being downloaded. This file contains the payload, which must be manually executed.
When downloaded and executed, the SVG files cause websites to open up that download what appears to be CryptoWall ransomware.
The upshot? Another file extenstion to add to your blocking filters. Read the full article here.
The bad guys are pretty good at social engineering end users. If it seems attractive or worrying enough, end users can be made to click on almost anything. Effective security awareness training is a must these days. Find out how affordable it is today and be pleasantly surprised.