The truth is that most malware attacks are not highly sophisticated.
Although some security vendors might be keen to demonstrate how clever their analysts are, and scare the bejesus out of you with descriptions of advanced malware that exploits new zero-day vulnerabilities in order to burrow into your network and steal your data, most aren’t quite like that.
Often the attackers will use the oldest trick in the book, exploiting human weaknesses to trick users into opening a file that can contain malicious code, or clicking on a link to a boobytrapped website.
It’s not that clever. But it works.
And because it works, the bad guys who are trying to infect your PC (and yes, it normally is your PC – although Macs are not somehow magically immune) keep using the same tricks.
Earlier today I received an unsolicited email, with a file attached.
Now, I’m a battle-hardened skeptical security guy so I’m probably more wise to these kind of attacks than the typical internet users, but the fact is that we all need to be careful not to let down our guard.
In this particular case the email claims to contain an invoice.
Would you open the .DOC file?
I hope not. Hopefully you know to be wary of .DOC files (which can either contain malicious macros, or have malicious code embedded inside them).
Hopefully you also know to be wary of .EXE files, and .PDF files, and .VBS files, and .SCR files (which are just .EXE files with a different name), and indeed to be suspicious of pretty much any attachment that is sent to you unexpectedly out of the blue.
Because, if you stopped opening unsolicited attachments, you would no longer be falling into that particular trap set by the hackers.
And if you convinced your colleagues in the office, and your friends and family, to be equally wary – well, you would be doing a lot of good.
Maybe you would go one step further, and teach them that delivery companies like FedEx, UPS and DHL aren’t going to email you about a failed delivery, and that if they weren’t speeding in New York there’s very little chance that they would have got a speeding ticket from NYC (and how would the cops have got your email address anyway?), and that sexy Russian woman with a webcam who wants to be email buddies with you didn’t see your profile online, and… I could go on.
I did what I always try to do. Rather than open the Word document, I uploaded it to VirusTotal which does the grunt work of running it past scores of different anti-virus scanners and then shares the files with anti-virus labs so analysts can take a look at it.
But even if it had come up with a clean bill of health (it didn’t – six of 54 scanners identified it as malicious) I wouldn’t have opened it.
And that’s because I’ve never dealt with the company who was claiming to have sent me an invoice. And even if I had, I knew I wasn’t expecting an invoice. The email was unsolicited.
So after uploading it to VirusTotal I deleted the email message (including the attachment) and moved on with my day.
If everyone stopped clicking on unsolicited .DOCs (and .PDFs etc etc) the internet would be a safer place.
Spread the word, not the malware.