[Caution] Various types of security threats on attachments

1. Introduction

Various types of malicious attachments are being found recently.
Malicious e-mails are spreading indiscriminately, and threat user with virus, worm, phishing, spyware and adware.
With a booming of malicious e-mails, we are introducing various types of e-mails in prevalent these days.

2. Spreading path and symptoms of infection

Spreading technique via e-mail is similar as always. User just can be infected on executing attachment or clicking suspicious URL. Since various types of malicious files using vulnerability of various applications have been reported, general users need to be careful on using internet.

* Various vulnerabilities information

[Microsoft] Security TechCenter

[Adobe] Security Bulletins and advisories

[CVE] Common Vulnerabilities and Exposures

Following attachments has been reported to cause malicious behaviors such as Zeus Bot or SpyEye Bot after infecting PC.

1. Disguised as sent by public institutions

Following case is from U.S. Chamber of Commerce.

2. Disguised as sent by express logistics

Following case is from DHL.

Based on our analysis, we got the result as following.

1. Choose the target

- Malicious e-mail distributor sends malicious mails to unspecific user as many as possible.

2. Send mail

- Malicious e-mail can hide malicious file into attachment including MS office file format and PDF or suspicious link.

3. Infect malicious file or cause malicious behavior

- Upon executing attachment or link, malicious program can infect or can install in victim's PC. This installed program can perform as a backdoor or zombie PC. In case of attachment type malicious file, it can exploit various type of document format, and even contains its contents.

4. How to prevent

Due to the nature of BIOS and MBR, complete treating by Anti-Virus is difficult.
To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
5. Execute downloaded file after scan with anti-virus SW.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Anti-Virus/Spyware” for detecting such as malicious file stated above and runs responding system against various security threats.

Diagnosis name

 - Trojan-Spy/W32.SpyEyes.244224.B
 - Trojan/W32.Agent.24576.BKX

1 comment: