Because this e-mail itself carries an executable malicious file, executing the attachment will infect the user's PC.
Users therefore need to be careful when downloading or executing attachments.
2. Spreading path and symptoms of infection
This e-mail masquerades as an ordinary message containing a resume file and a personal profile, and induces the user to download and decompress the attachment.
"Resume.chm" (101,511 bytes) is located inside "Resume.rar" (98,006 bytes).
When "Resume.chm" is run, the malicious "svchost.exe" is run at the same time.
* What is a CHM file?
Microsoft Compiled HTML Help is a Microsoft proprietary online help format. It was introduced as the successor to Microsoft WinHelp with the release of Windows 98, and is still supported in Windows 7.
Help is delivered as a binary file with the .chm extension. It contains a set of HTML files, a hyperlinked table of contents, and an index file.
Decompressing the .chm file reveals the following files:
When "Resume.chm" is executed, it displays a resume and personal information, as in the following figure.
When the chm file is executed, the malicious "svchost.exe", included as Active Content, is executed according to "launch.htm".
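A triage check for the layout described above, as an added example that is not from the original post: it scans a directory of already-decompiled CHM contents for embedded executables and for topic pages that carry active content or mention executable files. The sample directory (the `resume.htm` name and all file contents) is constructed and inert, not taken from the real sample.

```python
import re
import tempfile
from pathlib import Path

# Tags that let a help topic do more than display static HTML.
ACTIVE_TAG = re.compile(rb"<\s*(object|script|applet|embed|iframe)\b", re.I)
# File names with executable extensions mentioned inside a topic page.
EXE_REF = re.compile(rb"[\w\-]+\.(?:exe|scr|dll|bat|cmd)\b", re.I)

def triage_chm_dir(root):
    """Scan a directory of already-decompiled CHM contents; return (file, finding) pairs."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        if data[:2] == b"MZ":  # DOS/PE header: a program, whatever its extension
            findings.append((rel, "embedded-executable"))
        if path.suffix.lower() in (".htm", ".html"):
            tags = sorted({m.group(1).lower().decode() for m in ACTIVE_TAG.finditer(data)})
            if tags:
                findings.append((rel, "active-content:" + ",".join(tags)))
            refs = sorted({m.group(0).lower().decode() for m in EXE_REF.finditer(data)})
            if refs:
                findings.append((rel, "references:" + ",".join(refs)))
    return findings

def build_sample(root):
    """Constructed stand-in for the unpacked Resume.chm (inert stubs, not the real sample)."""
    root = Path(root)
    (root / "resume.htm").write_bytes(b"<html><body><h1>Resume</h1></body></html>")
    (root / "launch.htm").write_bytes(
        b"<html><body><OBJECT id=stub></OBJECT><!-- svchost.exe --></body></html>")
    (root / "svchost.exe").write_bytes(b"MZ" + b"\x00" * 62)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return triage_chm_dir(tmp)

if __name__ == "__main__":
    for name, finding in demo():
        print(f"{name}: {finding}")
```

A help file that bundles a program and a topic page pointing at it is worth quarantining before anyone opens it.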
When "svchost.exe" is executed, it overwrites the executable files of running normal processes with itself, and each original file is backed up at the same path without its extension.
After this, the malicious file is associated with the backed-up normal file, so when an infected user runs a file that has been overwritten, it appears to work as the normal program but also performs malicious functions.
The following figure summarizes the infection method and symptoms.
* Infection symptoms of the malicious "svchost.exe"
Upon execution, it generates another malicious file in the following path.
[Information of generated file]
C:\Windows\Downloaded Program Files\svchost.exe (307,200 bytes)
3. How to prevent
To keep your PC safe from security threats such as these malicious attachments, we recommend that general users follow the "Security management tips" below.
Security management tips
1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
3. Do not open or download attached files from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment functions and runs a response system against various security threats.