How Hackers Use Malicious Attachments to Give You Malware – Ask Leo!

Combined with unpatched software, it’s a recipe for disaster.

Malware for You
Another day, another report of hackers exploiting vulnerabilities. Here’s how you stay safe.

I ran across this quote in a news article earlier today:

They target Windows users with malicious Winword attachments that exploit a Microsoft MSHTML remote code execution (RCE) bug . . .

It’s about a specific bug and a specific exploit, but honestly, it’s just an example of the #1 way hackers try to invade our systems.

It’s worth understanding exactly what it means.

Malicious attachments and you

Hackers use fake emails to fool you into opening attachments containing malware. The malware often targets unpatched vulnerabilities or bugs in the operating system or other software on your machine. It’s important to remain skeptical and cautious before opening any attachments, and always keep your system and other software as up to date as possible.

The specifics

The quote is from a BleepingComputer article, “Hackers exploit Microsoft MSHTML bug to steal Google, Instagram creds”.

The targeting is apparently a little more specific than that:

A newly discovered Iranian threat actor is stealing Google and Instagram credentials belonging to Farsi-speaking targets worldwide . . .

By the time you read this, the vulnerability will likely have been patched.

This is a great example, however, of what I see happening every day.

Here’s how you protect yourself.

Attachments: the hacker’s way in

The first phrase catching my attention was “malicious Winword attachments”. (Winword refers to Microsoft Office’s Word for Windows.)

Combined with a well-crafted phishing email message, attachments are the easiest way to get malware onto your computer. If the attacker can convince you to open the attachment, all bets are off.

The most common scenarios are urgent-sounding messages telling you to open an attached document to learn more about a package delivery. It’s not limited to messages purporting to be about unexpected deliveries, however.

These types of messages typically (but not always) share these characteristics:

Don’t. Just … don’t.

Resist the urgency. Take the time to examine the message carefully before doing anything. Make sure it really is from who it says it is from.

If you’re unsure, ignore the message and contact the company that supposedly sent the message in some other way.

Attachments are only half the battle, however.

Unpatched vulnerabilities: the hackers’ goal

The second phrase that got my attention was “exploit a . . . bug”.

Malware generally attempts to take advantage of “vulnerabilities”. Vulnerabilities are nothing more than software bugs that are exploited to allow the malware to do something it shouldn’t. The most common example is called “privilege escalation”, which allows the malware to silently act as administrator on your machine even if you’re an admin yourself.

Naturally, these types of bugs are fixed relatively quickly,1 and the fixes are made available via Windows Update.

This is why it’s important to keep your machine — all your software, really — as up to date as possible. This means letting Windows Update run automatically and taking updates as they’re offered. Unless you’re willing and able to track individual vulnerabilities and their fixes (and I’m not), staying as up to date as possible is the wisest thing to do to stay safe.

And yet, there’s a hole in the safety net: zero-day.

Dealing with all this is what I consider my most important topic, and as a result, my most important article: Internet Safety: 7 Steps to Keeping Your Computer Safe on the Internet.

“Zero-day”: the hacker’s jackpot

A “zero-day” vulnerability is a software issue that:

“Zero-day” means that the software vendor has zero days to fix it before it’s a problem — it’s already a problem. (If a vulnerability is discovered before hackers learn about it, then there’s time to fix it before they use it “for real”.)

Do this

For you as a user, all this implies several important steps you need to take.

And subscribe to Confident Computing! — my weekly newsletter with more information every week to help you stay safe. Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Related Questions

What is the most common form of malicious email attachment?

The most common visible malicious email attachment form is probably .pdf — files purporting to be a document but containing malicious code instead. The most common hidden format is likely to be an .exe file that masquerades as some other format, like .pdf. This is often due to a default setting in Windows File Explorer that hides the extension of known file types, so the final .exe is not shown in the file name.
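To make the hidden-extension trick concrete, here is an added example (my own code, not from the Ask Leo! article) that simulates how Explorer’s default “hide extensions for known file types” setting displays an attachment name and flags names where the real, last extension is executable but the name the user sees ends in a document extension. The extension sets and the sample attachment names are assumptions constructed for the demo; it goes beyond the article’s .exe-as-.pdf case by covering other runnable extensions.

```python
import os

# Extensions Windows runs directly (demo subset, an assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi"}
# Document extensions a disguised attachment commonly imitates (demo subset).
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def displayed_name(filename: str, hide_known_ext: bool = True) -> str:
    """Return the name as Explorer shows it.

    With hide_known_ext=True (the Windows default) the last registered
    extension is stripped, so "invoice.pdf.exe" is displayed as "invoice.pdf".
    """
    if not hide_known_ext:
        return filename
    stem, ext = os.path.splitext(filename)
    if ext.lower() in EXECUTABLE_EXTS | DOCUMENT_EXTS:
        return stem
    return filename


def is_disguised_executable(filename: str) -> bool:
    """True when the real (last) extension is executable but the displayed
    name, under the default setting, ends in a document extension."""
    real_ext = os.path.splitext(filename)[1].lower()
    if real_ext not in EXECUTABLE_EXTS:
        return False
    shown_ext = os.path.splitext(displayed_name(filename))[1].lower()
    return shown_ext in DOCUMENT_EXTS


def triage(filenames):
    """Return (displayed name, real extension, disguised?) per attachment."""
    return [(displayed_name(f), os.path.splitext(f)[1].lower(),
             is_disguised_executable(f)) for f in filenames]


# Constructed sample attachment names, not taken from any real message.
SAMPLE_ATTACHMENTS = [
    "Delivery_Notice.pdf",      # genuine document
    "Delivery_Notice.pdf.exe",  # shown as "Delivery_Notice.pdf" by default
    "Invoice.docx.scr",         # screen saver is executable; shown as "Invoice.docx"
    "setup.exe",                # shown as "setup": executable, but no document disguise
]

if __name__ == "__main__":
    for shown, real_ext, disguised in triage(SAMPLE_ATTACHMENTS):
        print(f"{shown:25s} real: {real_ext:6s} disguised: {disguised}")
```

Turning the setting off (Folder Options, “Hide extensions for known file types”) makes the real extension visible, which is what the `hide_known_ext=False` path models.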

How do you identify malicious attachments?

You can’t really identify malicious attachments directly — at least not without scanning them with anti-malware tools. A more effective way to identify malicious attachments is to evaluate their delivery mechanism: is the email to which they are attached legitimate?

What harm can malicious attachments cause?

Malicious attachments can contain malware, and malware can do anything. Anything malware can do can be delivered via malicious attachments. This could include, but is not limited to, installing keyloggers, copying your private data, and more.

1: I have to say relatively because the speed of a repair, and the speed of it being made available via Windows Update, varies depending on the severity of the issue. Repairs themselves also add risk, so it’s not always a simple decision to fix everything as fast as possible.
