People need to be familiar with the types of malicious attachments used in phishing emails, according to Lawrence Abrams at BleepingComputer. One of the most common methods of installing malware is via macros (small pieces of code) embedded in Microsoft Office documents. These are disabled by default for security reasons, but attackers craft documents to trick users into enabling macros.
Different commodity malware strains tend to use different techniques to convince people to enable macros. Threat actors using the Dridex Trojan, for example, frequently use documents that have very small or hard-to-read content, with a large banner telling the user to click “Enable content” in order to view the content clearly. Emotet, on the other hand, is often distributed via documents that display an error informing the user that they need to enable content to gain access to the document.
The BazarLoader malware is often spread via phishing emails that contain a link to Google Docs or Google Sheets. If a user clicks the link, they’ll be asked to download what appears to be a Word document. This is actually an executable file that installs the malware directly.
These techniques aren’t exclusive to these strains of malware, but users can protect themselves as long as they know they should never click “Enable content” in an Office document.
While the use of macro-laden Office documents is extremely widespread and effective, Lawrence adds that attackers can also use files that execute automatically when they’re opened.
“Finally, you should never open attachments that end with the .vbs, .js, .exe, .ps1, .jar, .bat, .com, or .scr extensions as they can all be used to execute commands on a computer,” Abrams says. “As most email services, including Office and Gmail, block ‘executable’ attachments, malware distributors will send them in password-protected archives and include the password in the email. This technique allows the executable attachment to bypass email security gateways and reach the intended recipient.”
New-school security awareness training can enable your employees to protect themselves against these threats.
BleepingComputer has the story.