The old trick with the e-mail

Warnings about dangerous e-mail attachments have been repeated many times. Nevertheless, attackers are still succeeding with this method even in the 21st century. This well-known method is especially promising for targeted attacks against the computers of particular persons, companies or governmental institutions.

In 2008, Chinese crackers were able to infect computers of western governments and the Dalai Lama during the so-called Ghostnet operation. Prepared PDF documents sent by e-mail were used.

In 2009, the Royal Navy and some bases of the Royal Air Force were hit by a computer worm. The infection occurred via e-mail, and a total breakdown of the mail system was the consequence. Part of the e-mail traffic was redirected to Russian servers.

Three weeks ago the company RSA was successfully attacked via infected e-mails. Those e-mails had an Excel file with an embedded Flash file attached. The spreadsheet contained an exploit that installed a backdoor using a vulnerability in Adobe's Flash Player. The backdoor in turn was used to obtain access to sensitive data.

Under these circumstances we want to reiterate the following advice concerning e-mail security:
  • Read e-mails as plain text and not in HTML.
  • Deactivate the inline display of attachments.
  • Be suspicious of attachments sent unrequested.
  • Almost every file format may be used as a vehicle for malware. Besides EXE and PAF files, caution is recommended above all with PDF and Office files. But even TIFF or JPEG pictures could compromise the computer.
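
The advice above can be applied mechanically before a message is ever opened in a mail client. The following is an added example, not part of the original post: it reads only the plain-text body, never renders anything, and flags attachments whose leading bytes do not match their declared type or that are marked for inline display. The function names, the signature table and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# (magic prefix, sniffed kind, MIME types that may legitimately declare it)
SIGNATURES = [
    (b"MZ", "exe", ("application/x-msdownload", "application/vnd.microsoft.portable-executable")),
    (b"%PDF", "pdf", ("application/pdf",)),
    (b"\xd0\xcf\x11\xe0", "ole-office", ("application/msword", "application/vnd.ms-excel")),
    (b"\xff\xd8\xff", "jpeg", ("image/jpeg",)),
    (b"II*\x00", "tiff", ("image/tiff",)),
    (b"MM\x00*", "tiff", ("image/tiff",)),
]

def sniff(data):
    """Identify content by its leading bytes, not by file name or declared type."""
    for magic, kind, allowed in SIGNATURES:
        if data.startswith(magic):
            return kind, allowed
    return "unknown", ()

def triage(raw):
    """Return (plain-text body, findings) without touching HTML or rendering parts."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))  # never fall back to HTML
    text = body.get_content() if body is not None else ""
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        kind, allowed = sniff(data)
        flags = []
        if kind != "unknown" and part.get_content_type() not in allowed:
            flags.append("type-mismatch")  # e.g. an EXE declared as a picture
        if kind == "exe":
            flags.append("executable")
        if part.get_content_disposition() == "inline":
            flags.append("inline")  # the client would try to display it
        findings.append({"name": part.get_filename(), "declared": part.get_content_type(),
                         "sniffed": kind, "flags": flags})
    return text, findings

def sample_message():
    """Constructed sample: an EXE declared as a JPEG and a PDF marked inline."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("plain body")
    m.add_alternative("<p>html body</p>", subtype="html")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 8, maintype="image", subtype="jpeg", filename="photo.jpg")
    m.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf", filename="plan.pdf", disposition="inline")
    return m.as_bytes()
```

A clean result from such a check does not make a PDF, Office or image file safe; it only catches disguised types and inline parts.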
