
8/30/2011

Types of malicious files being spread as e-mail attachments

1. Introduction

Recently, malicious files masquerading as normal e-mail attachments have been reported.
General users need to be careful with these malicious e-mails.
A malicious file can take commands to control the victim's computer, or can turn it into a root PC for spreading other malicious files.





Spreading malicious files through e-mail is a very traditional technique; however, distributors of malicious files still use it because it is very effective at reaching unspecified users. Since e-mail is part of everyday work, attackers and general users alike check their mailboxes very frequently.

2. Spreading cases

The most common technique for spreading malicious files through e-mail is to disguise the message as a normal e-mail.
Most of the content is written in English; however, malicious e-mails are using various languages these days.

1. In case of invoice

The e-mail is disguised as coming from a famous logistics company such as UPS (United Parcel Service), FedEx, or DHL.
The following figure shows an e-mail disguised as coming from UPS, whose attachment looks like a document file but contains a malicious file. If the user executes it, the computer will be infected.



2. In case of scanned image file

Generally, people are more interested in image files. The file name can induce the user to execute the attachment.



3. In case of payment receipt

Various kinds of payment receipts from international money transfer services such as Western Union Payment can lure users more easily.
The following figure shows one of these cases; the details may differ between variants.



3. How to prevent

The common feature of the techniques mentioned above is that they arouse people's interest and make the user want to open the attachment. That is why general users need to be careful about downloading and executing attachments, even when the e-mail comes from a person the user knows well.

To keep the PC safe from the security threats posed by these malicious attachments, we recommend the following "Security management tips" for general users.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
3. Do not open or download attached files from suspicious e-mails.
4. Be cautious with links received through instant messengers and SNS.
5. Scan downloaded files with anti-virus software before executing them.
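
As an added example (not part of the original advisory or of INCA Internet's products), the following Python code flags attachments of the kind described in section 2: a name that ends in an executable extension, or a document/image name whose content starts with a Windows PE header. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: extensions Windows executes directly on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Assumption: extensions a recipient reads as a harmless document or image.
DECOY_EXTS = {".doc", ".pdf", ".xls", ".jpg", ".jpeg", ".png", ".gif", ".txt"}

def check_attachment(filename, payload):
    """Return the reasons this attachment looks like a disguised executable."""
    parts = [p.strip() for p in filename.lower().split(".")[1:]]
    exts = ["." + p for p in parts if p]
    last = exts[-1] if exts else ""
    reasons = []
    if last in EXECUTABLE_EXTS:
        reasons.append("executable extension " + last)
        if any(e in DECOY_EXTS for e in exts[:-1]):
            reasons.append("decoy extension before " + last)
    elif payload[:2] == b"MZ":
        # Windows PE files begin with the bytes 'MZ' whatever the name claims.
        reasons.append("PE header in file named " + (last or "without extension"))
    return reasons

def scan_message(raw_bytes):
    """Map attachment file name -> reasons, for every flagged attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # multipart containers and the text body have no name
        reasons = check_attachment(name, part.get_payload(decode=True) or b"")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed message with harmless placeholder bytes, not a real sample."""
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "Invoice", "a@example.com", "b@example.com"
    msg.set_content("Please see the attached invoice.")
    stub = b"MZ" + b"\x00" * 62
    msg.add_attachment(stub, maintype="application", subtype="octet-stream",
                       filename="invoice.doc.exe")
    msg.add_attachment(stub, maintype="image", subtype="jpeg", filename="scan001.jpg")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf",
                       filename="receipt.pdf")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags the first two attachments and leaves `receipt.pdf` alone; a check like this complements, and does not replace, the anti-virus scan in tip 5.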

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment with nProtect Anti-Virus/Spyware for detecting malicious files such as those stated above, and runs a response system against various security threats.

Diagnosis names

 - Trojan-Downloader/W32.Small.29184.BG
 - Trojan-Downloader/W32.FraudLoad.29696.K
 - Backdoor/W32.Agobot.42496

