Social engineering and user-intervention
<blockquote data-quote="Wave" data-source="post: 568035">
<p>No problem, glad you liked it. :)</p>
<p>Yes, an attacker can definitely do this and this has been done many times in the past, this technique is very effective for the attacker to use in many situations... Sadly many people do not check the extensions properly.</p>
<p>@Exterminator posted a thread yesterday regarding a new decryption tool developed by ESET for the CrySiS ransomware, which used the double extensions technique to social engineer the readers of the e-mail into believing the attachment wasn't really an executable (causing them to trust it and run it - and then they quickly learnt they had made a very big mistake). You can read the thread here: <a href="https://malwaretips.com/threads/crysis-averted-eset-releases-free-ransomware-decryptor.65740/" target="_blank">Crysis Averted: Eset Releases Free Ransomware Decryptor</a></p>
<p>Therefore the above is evidence in itself that these things really do happen, and double extension tricks are more common than you'd think.</p>
<p>Well this question is much trickier to answer since it really depends on numerous factors (e.g. are you using a web-client or software-client for reading your e-mails) and may also depend on your Windows settings (e.g. the attacker may find a way to exploit the e-mail client into auto-running (upon opening the e-mail) the attachment or having it executed with one-click, and on Windows there are settings for one-click execution).</p>
<p>Generally, the answer to this question is no, since you need to actually download the attachment and this download routine is separate to the execution of it. You can have malware stored on your system but just leave it inactive (non-executed), and unless it becomes active then you will not be infected. However, malware is evolving all the time and therefore I think it is safe to say that these things can definitely happen one way or another, at least somehow... It is not impossible. Unless in the case of an e-mail client exploit, I doubt this has happened (especially whilst using a web-client for e-mail like Google Mail, they have very good security) so far, but we're probably not far off before attackers can evolve to doing something like this commonly (the same way as double extensions is now a common method and has been for a long time).</p>
<p>With all that being said, never handle attachments unless you really trust the e-mail sender. Attackers can also spoof the sender e-mail address through modification of the e-mail header which is another technique regularly and commonly abused by hackers/spammers... Depending on the circumstances, the e-mail may end up in the spam/junk folder due to identification from the e-mail provider that the e-mail header had been suspiciously altered (e.g. Google may flag it as potentially unsafe in some circumstances). As well as this, don't bother opening up suspicious/unexpected-looking e-mails... Once you open that suspicious e-mail you will naturally start to read the contents and this will buy the attacker a chance to social engineer you depending on what was written in the e-mail.</p>
</blockquote>
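An added example, not part of the original post: a defender-side check for the two signals the post describes, a decoy-plus-executable double extension on an attachment and a non-passing sender-authentication verdict recorded by the receiving provider. The extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Final extensions Windows runs directly or via a script host (assumed, non-exhaustive).
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "wsf", "lnk"}
# Harmless-looking extensions typically used as the decoy (assumed list).
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}

def double_extension(filename):
    """Return (decoy, real) for names like 'invoice.pdf.exe', else None."""
    parts = [p.strip().lower() for p in filename.strip().rstrip(".").split(".")]
    if len(parts) >= 3 and parts[-1] in EXECUTABLE and parts[-2] in DECOY:
        return parts[-2], parts[-1]
    return None

def analyse(raw_message):
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    # SPF/DKIM/DMARC verdicts recorded by the receiving provider.
    for header in msg.get_all("Authentication-Results", []):
        for check, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(header)):
            if verdict != "pass":
                findings.append(("auth", check, verdict))
    for part in msg.walk():
        hit = double_extension(part.get_filename() or "")
        if hit:
            findings.append(("double-extension", part.get_filename(), hit[1]))
    return findings

# Constructed sample message, not taken from a real campaign.
SAMPLE = """\
From: "Accounts" <billing@example.com>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.com
Content-Type: multipart/mixed; boundary="b1"

--b1

Please see the attached invoice.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice_2016.pdf.exe"

AAAA
--b1--
"""

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A name such as `terms.v2.pdf` is not flagged, because only the last extension decides how Windows handles the file.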