These Are The Five Most Dangerous Email Attachments

plat

Level 29
Top Poster
Sep 13, 2018
1,793
I've used this tool because your stolen passwords, published email address, and liberal clicks of the "subscribe" button will open the floodgates for malicious spam. Probably more sophisticated people around here have much better tools and tactics, like using junk email addresses and password generators in social contexts. I get maybe just 10 spam emails per week, and I know the origin of all of them. This article reinforced the need to take a closer look before mindlessly clicking. Keep your best self private.

Sadly, would you say people who are lonely and socially isolated are more vulnerable to opening these attachments? The bad guys know the weaknesses of people and exploit them, often without conscience. One of the most fascinating threads I followed was the mindset of a cyber criminal, the rationalizing and utter contempt for those he (she) strives to victimize, as well as rogue nations who profit mightily from the proceeds of crimes like this.
 

Der.Reisende

Level 45
Honorary Member
Top Poster
Content Creator
Malware Hunter
Dec 27, 2014
3,423
OK, I'm missing the multi-extension ones used to trick users (known file extensions are hidden by default on Windows), like jpg.exe; .exe; and all the highly suspicious .js / .jse / .vbe ones (most likely inside an archive such as .zip / .7z, ... to evade AV detection); and now maybe .jpg with the steganography attack technique.
No idea whether .jar (like the #Adwind RAT) is also spread by malspam? Most likely yes, and targeted.

These are just guesses, based on uploads to Hybrid Analysis; most of them have the subject "invoice" or the equivalent word in the local language. I don't receive big amounts of spam, thank God, and next to never with suspicious attachments.

Anyway, thanks for the nice share @JM Security!
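The name tricks listed in the post above (jpg.exe double extensions, .js / .jse / .vbe scripts, .jar, and all of it packed into a .zip) can be checked mechanically before anyone double-clicks. The following is an added example written for this thread, not code from the original page or from any product mentioned here. It inspects an attachment by its full list of extensions, sniffs the leading bytes so that a "picture" that actually starts with the MZ header of a Windows executable is caught, and recurses into zip archives with a size cap (zip bombs) and a flag for password-protected members, which an AV cannot look inside either. It also goes slightly beyond the post by flagging a right-to-left override character in the file name, another way to make an .exe render as a .jpg. All sample attachments, including the MZ stub, are constructed in memory and are not real malware; the extension lists are my own and not exhaustive.

```python
"""Flag risky e-mail attachments by file name and by content (added example)."""
import io
import posixpath
import zipfile

# Assumed lists, not exhaustive: extensions Windows hands to a loader or script host.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".hta"}
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".ps1", ".jar"}
ARCHIVE_EXTS = {".zip"}              # .7z / .rar would need third-party libraries
HARMLESS_LOOKING = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # do not inflate huge members (zip bombs)
MAX_DEPTH = 2                        # nested archives: zip inside zip

# Leading bytes that identify common container / executable formats.
MAGIC = {
    b"MZ": "Windows PE executable",
    b"PK\x03\x04": "ZIP container",
    b"\xff\xd8\xff": "JPEG image",
    b"\x89PNG": "PNG image",
    b"%PDF": "PDF document",
}


def sniff(data: bytes) -> str:
    """Name the format by its leading bytes, ignoring the file name."""
    for prefix, kind in MAGIC.items():
        if data.startswith(prefix):
            return kind
    return "unknown"


def extensions(name: str) -> list:
    """'Invoice.JPG.exe' -> ['.jpg', '.exe'] (every extension, lower-cased)."""
    parts = posixpath.basename(name).lower().split(".")
    return ["." + p for p in parts[1:]]


def check_name(name: str) -> list:
    """Findings that need only the file name."""
    findings = []
    exts = extensions(name)
    if not exts:
        return findings
    last = exts[-1]
    if last in EXECUTABLE_EXTS:
        findings.append(f"{name}: executable attachment ({last})")
    if last in SCRIPT_EXTS:
        findings.append(f"{name}: script attachment ({last})")
    if len(exts) >= 2 and exts[-2] in HARMLESS_LOOKING and last in EXECUTABLE_EXTS | SCRIPT_EXTS:
        findings.append(f"{name}: double extension, {exts[-2]} shown but {last} runs")
    if "\u202e" in name:  # right-to-left override reverses how the name is displayed
        findings.append(f"{name!r}: right-to-left override in file name")
    return findings


def check_attachment(name: str, data: bytes, depth: int = 0) -> list:
    """Findings from name plus content, recursing into zip archives."""
    findings = check_name(name)
    exts = extensions(name)
    kind = sniff(data)
    if exts and exts[-1] in HARMLESS_LOOKING and kind == "Windows PE executable":
        findings.append(f"{name}: named {exts[-1]} but content is a {kind}")
    if kind == "ZIP container" and exts and exts[-1] in ARCHIVE_EXTS and depth < MAX_DEPTH:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:  # encrypted member: nothing can scan it
                    findings.append(f"{name} -> {info.filename}: password-protected member")
                    continue
                if info.file_size > MAX_MEMBER_BYTES:  # declared uncompressed size
                    findings.append(f"{name} -> {info.filename}: member too large to inspect")
                    continue
                inner = check_attachment(info.filename, zf.read(info), depth + 1)
                findings += [f"{name} -> {f}" for f in inner]
    return findings


def build_zip(members: dict) -> bytes:
    """Constructed helper: in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for member, data in members.items():
            zf.writestr(member, data)
    return buf.getvalue()


# Constructed samples. FAKE_PE is an MZ stub, not a real executable.
FAKE_PE = b"MZ" + b"\x00" * 62 + b"PE\x00\x00"
SAMPLES = {
    "invoice.jpg.exe": FAKE_PE,                          # double extension
    "scan.jpg": FAKE_PE,                                 # name lies, content is MZ
    "invoice.zip": build_zip({"invoice.js": b"WScript.Echo(1);", "readme.txt": b"hi"}),
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # genuinely a JPEG header
}


def scan_all(samples=SAMPLES) -> dict:
    """Map attachment name -> list of findings ([] means nothing flagged)."""
    return {name: check_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, findings in scan_all().items():
        print(name, "->", findings or "clean")
```

Run it and "invoice.jpg.exe" is flagged twice (executable, and a double extension), "scan.jpg" once for the MZ content behind an image name, "invoice.zip" once for the .js inside it, and "holiday.jpg" not at all. The content check matters because renaming alone defeats an extension-only filter, while the depth and size caps keep a hostile archive from turning the scanner itself into the victim.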
 

JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
Der.Reisende said:
> OK, I'm missing the multi-extension ones used to trick users (known file extensions are hidden by default on Windows), like jpg.exe; .exe; and all the highly suspicious .js / .jse / .vbe ones (most likely inside an archive such as .zip / .7z, ... to evade AV detection); and now maybe .jpg with the steganography attack technique.
> No idea whether .jar (like the #Adwind RAT) is also spread by malspam? Most likely yes, and targeted.
>
> These are just guesses, based on uploads to Hybrid Analysis; most of them have the subject "invoice" or the equivalent word in the local language. I don't receive big amounts of spam, thank God, and next to never with suspicious attachments.
>
> Anyway, thanks for the nice share @JM Security!

Thanks for your reply, friend :)
 

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,448
Do you only open email in a VM or Shadow Defender? If yes, do you recommend this for others? I ask with no agenda.
 

notabot

Level 15
Verified
Oct 31, 2018
703
That is done already, but I prefer to prevent before this point.
You don't need to block if it is not on the real system.

I think the risk for both setups is roughly the same: in both cases the OS kernel is the security bottleneck (plus potential flaws in each sandbox).
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Sandboxing can probably be the safest, but if you make it the safest, it will also be the least usable for most users. Kernel exploits are less dangerous if you use a restricted setup (SRP, Anti-Exe, etc.), because less stuff (and fewer exploits) will be executed in the system.
So, usually people use sandboxing only for the most vulnerable applications, like browsers, document viewers/editors, etc. For the rest, the other solutions are more comfortable.
For example, ReHIPS (liked by @Umbra) can be used as a hybrid of sandboxing + program hardening + Anti-Exe.
If you like default-deny SRP, then you must be cautious with vulnerable software (if whitelisted). That is why such software usually has some built-in security (sandbox/AppContainer).
 
