EMAIL ATTACHMENTS

The Perils of Email Attachments
Synopsis
Email attachments are one of the easiest ways to vandalize or invade a computer. The human element is often the weakest part of the system. Amazingly, many previous victims continue to open dodgy attachments.
1. Be suspicious of any attachment you were not expecting -- even if it's from someone you know.
2. Be doubly suspicious of attachments that have been forwarded to you -- even by someone you know.
3. Be paranoid about attachments from anyone you don't know.
A worm could have sent the message in the first case. Here's how: The message came from an infected PC -- one belonging to them or someone who has their address. Your friend's address was used in the "From:" field to disarm you. In the 2nd case, you clearly have no idea where the file came from originally. In the 3rd case, it's spam or more likely an attack.
Attachments, and the messages that carry them, get more diabolical all the time. Finding new ways to fool people is a collective obsession. Even seasoned computer users get taken in. Now there are even ways to include hostile code in digital music, images or videos.
Examples
1. A reasonable-sounding message informs you that your computer is infected with the latest worm in the news, and offers to remove it. When you open the attachment, it disables your antivirus program and firewall. Then it installs the worm it claimed to be scanning for. Finally, it reports that your computer is free of the worm. Now the worm uses your computer to send bogus messages to more victims. Nice!
2. Your friend emails you a cute attachment with the file name "kitty.exe". In their message, they tell you they've tried it themselves, it's really cute, and it's "OK to open". You check with your friend, and yes indeed, he or she did send it, and they assure you "it doesn't have a virus."
Trouble is, it contains a delayed-action Trojan horse along with the cute kitty. When you open it, the kitty does something cute, but the Trojan is installed on your computer too. You and your friend will not find out about the Trojan until later, if ever.
3. An email arrives that appears to come from Microsoft. The Microsoft heading and icons are genuine. The message contains a sincere and urgent plea for you to patch your copy of Windows immediately. The patch is conveniently attached to the message.
Trouble is, the attachment terminates your antivirus program and firewall, and does other things so that you can't remove it. Now you have a nice new Trojan horse in your PC. Microsoft provides a guideline for determining if a message "from" Microsoft is genuine.
4. Attackers often disguise malicious attachments by using double extensions, for example, "message.txt.lnk" or "picture.gif.vbe". Unless you've changed your Windows configuration, though, *.lnk, *.vbe and several other extensions are always hidden. The file names that you see are just "message.txt" or "picture.gif".
Those files -- *.txt and *.gif files -- seem safe enough. Windows knows they are *.lnk or *.vbe files, however, not text or picture files at all. When you "open" them, Windows blindly does exactly what the attacker had in mind, and the damage is done.
5. Demonstration: It's a myth that non-executable files are always safe. It's easy to hide malicious content in music or video files. Download and run example.mp3 to see a convincing but perfectly safe demonstration of this. (*.mp3 is a popular music file format.) That is... if you trust me.
Nothing dramatic happens, but there's more going on than just the music, eh? You'll need to have Windows Media Player installed, and be online to see the results. This is just an example. I'm sure there are a lot of brigands and bandits figuring out how to plant hostile content in more file types.
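As an added illustration of example 4 (this is not code from the original article), the following Python shows how a mail filter could flag double-extension attachment names before a user ever sees the shortened name. The function names, the extension lists beyond .lnk, .vbe and .exe, and the sample message are assumptions constructed for this example.

```python
from email import message_from_string

# Final extensions that Windows runs or resolves instead of displaying.
# .lnk, .vbe and .exe appear in the article; the rest are an illustrative, incomplete list.
RISKY = {"lnk", "vbe", "exe", "vbs", "js", "scr", "pif", "bat", "cmd"}
# Extensions a reader would take for harmless content (illustrative list).
DECOY = {"txt", "gif", "jpg", "png", "pdf", "doc", "mp3"}

def classify(filename):
    """Return 'double-extension', 'risky' or 'ok' for an attachment name."""
    # Normalize case and trailing dots/spaces before splitting on dots.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in RISKY:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "double-extension"   # e.g. shown to the user as "picture.gif"
    return "risky"                  # plain executable or script, e.g. "kitty.exe"

def scan_message(raw):
    """Return (filename, verdict) for every named MIME part that is not 'ok'."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()      # None for parts without a file name
        verdict = classify(name) if name else "ok"
        if verdict != "ok":
            findings.append((name, verdict))
    return findings

# Constructed sample message (not real mail) carrying two attachments.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="picture.gif.vbe"

AAAA
--b1
Content-Type: image/gif
Content-Disposition: attachment; filename="holiday.gif"

AAAA
--b1--
"""

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE):
        print(f"{verdict:17} {name}")
```

A file name check like this is only a first filter: it says nothing about what a file with an unflagged extension actually contains, which is the point of example 5.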
