Types of malicious files spread as e-mail attachments

1. Introduction

Recently, malicious files masquerading as normal e-mail attachments have been reported.
General users need to be careful with these malicious e-mails.
A malicious file can take control of the victim's computer, or turn it into a source PC for spreading other malicious files.

Spreading malicious files through e-mail is a very traditional technique; however, malicious file distributors still use it,
because it is very effective at reaching unspecified users. Since e-mail is part of our everyday work, attackers and general users alike check their mailboxes very frequently.

2. Spreading cases

The most common technique for spreading malicious files through e-mail is to disguise the message as a normal e-mail.
Most of these messages are written in English; however, malicious e-mails now use various languages.

1. In case of invoice

The e-mail is disguised as coming from a famous logistics company such as UPS (United Parcel Service), FedEx, or DHL.
The following figure shows an e-mail disguised as coming from UPS, with a malicious file disguised as a document file as its attachment. Upon executing it, the user will be infected.

2. In case of scanned image file

Generally, people are more interested in image files. The file name can induce the user to execute the attachment.

3. In case of payment receipt

Various kinds of payment receipts from international money transfer services such as Western Union Payment can induce the user even more easily.
The following figure shows one of these cases; the details may differ between variants.

3. How to prevent

The common feature of the techniques mentioned above is that they arouse people's interest and make the user want to open the attachment. That is why general users need to be careful about downloading and executing attachments, even when the e-mail comes from a person the user knows well.

To use a PC safely against the security threats posed by these malicious attachments, we recommend the following "Security management tips" for general users.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus SW from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
3. Do not view or download attached files from suspicious e-mails.
4. Be cautious with links received through instant messengers and SNS.
5. Execute a downloaded file only after scanning it with anti-virus SW.
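
The disguises described in section 2 can also be checked mechanically before a user opens the attachment. The following Python code is an added example, not INCA Internet's or nProtect's own code: it flags attachments whose name has a runnable extension or whose content starts with the Windows executable header and, going slightly beyond the cases above, also looks inside ZIP archives. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: illustrative, not exhaustive, list of extensions Windows will run.
RUNNABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def file_reasons(name, head):
    """Reasons a file (name plus its first bytes) looks like a disguised program."""
    reasons = []
    ext = os.path.splitext(name.strip().lower())[1]
    if ext in RUNNABLE:
        reasons.append("runnable extension " + ext)
    if head[:2] == b"MZ":
        reasons.append("Windows executable header (MZ)")
    return reasons

def scan_message(raw):
    """Map attachment filename -> list of reasons; clean attachments are omitted."""
    findings = {}
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        reasons = file_reasons(name, data)
        if data[:4] == b"PK\x03\x04":  # ZIP: inspect members without extracting
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        with zf.open(member) as fh:
                            head = fh.read(2)
                        reasons += [member + ": " + r for r in file_reasons(member, head)]
            except (zipfile.BadZipFile, RuntimeError):
                reasons.append("ZIP could not be inspected (corrupt or encrypted)")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed test message; the 'executables' are just two marker bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    for fname, body in [("invoice.doc.exe", b"MZ" + b"\0" * 62),
                        ("scan_001.jpg", b"MZ" + b"\0" * 62),
                        ("receipt.pdf", b"%PDF-1.4\n")]:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

A check like this complements anti-virus scanning and does not replace it, since it only looks at names and the first bytes of each file.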

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for malicious files such as those described above through nProtect Anti-Virus/Spyware, and runs a response system against various security threats.

Diagnosis name

 - Trojan-Downloader/W32.Small.29184.BG
 - Trojan-Downloader/W32.FraudLoad.29696.K
 - Backdoor/W32.Agobot.42496