WHAT ARE THE FOUR MOST DANGEROUS FILE TYPES?

Every day, millions of spam messages are sent and although most are harmless advertisements, eventually a malicious file is hidden in one of the messages.

In order for the receiver to click and open the file that downloads the malware, cybercriminals do a makeover to make it interesting, useful or important: a working document, a good offer, a gift card with the logo of a well-known company, etc.

The scammers have their favorite formats and in this publication we will discuss the types of files most used this year to hide malware.

1. ZIP and RAR Files

Cybercriminals love to hide malware in files. For example, they used ZIP files named Love_You0891 (numbers may vary) to distribute the GandCrab ransomware on Valentine's Day. A few weeks later, a group of scammers sent files with Trojan Qbot, specialized in data theft.

This year, we also witnessed the discovery of a very interesting resource in WinRAR. Apparently, during the creation of a file, you can set a series of commands, so that the content is unzipped in the system folder. That is, the files could go to the boot folder, and would run on the next reboot. Therefore, we recommend that all WinRAR users update the program immediately to avoid malware.  

2. Microsoft Office Documents

Microsoft Office files, all Word documents (DOC, DOCX), Excel spreadsheets (XLS, XLSX, XLSM), presentations and templates are also very popular with cybercriminals. These files may contain integrated macros -small programs that run inside the file, which cybercriminals use as scripts to download malware.

Typically, these files are intended for employees of companies that work in offices. They are sent in disguise, as contracts, invoices, tax notifications, and management team messages. For example, a banking Trojan known as Ursnif has infected many devices of Italian users by imitating a payment notification. If the victim opened the file and accepted to activate the macro (disabled by default due to security reasons), the Trojan was downloaded to the computer.

3. PDF Files

Many users are aware of the dangers of macros in Microsoft Office documents, but generally not of the traps hidden in PDF files. In fact, this format can be used to create and run JavaScript files.

In addition, cybercriminals like to hide malicious links in PDF. For example, in a spam campaign, scammers encouraged users to visit a "safe" page where they needed to log into their American Express account. Of course, the victims' credentials went directly to the scammers.

4. IMG and ISO Disk Images

Compared to previous formats, IMG and ISO files are not used very often for malware attacks, although cybercriminals have recently devoted attention to them. These files (disk images) are basically a virtual copy of a CD, DVD or other type of disk.

The scammers used a disk image to send malware. This is the case with Trojan Agent Tesla, that stole credentials. Inside the image was a malicious executable file that, once executed, activated and installed spyware on the device. In some cases, cybercriminals used two attachments (an ISO and a DOC) to ensure infection.

How to manage potentially dangerous attachments

You do not need to send all messages with attachments or DOCX / PDF documents to the spam folder in order to protect your team from malware and avoid scams. Instead, remember these simple rules:

• Do not open suspicious emails from unknown addresses. If you don't know why a message with a specific theme ended up in your inbox, you probably don't need it.

• If you have to deal with unknown senders for work reasons, carefully check the address and name of the attached file. If something is strange to you, do not open it.

• Do not allow macros to run on documents that arrive via email unless it is unavoidable.

• Be careful about the links that appear in the files. If they don't explain why you need to access them, ignore them. If you really feel the need to check, manually enter the site address into your browser.

• Use a trusted security solution that will notify you of dangerous files, blocking and warning you when you try to open a suspicious website.

Reproduced from: https://www.kaspersky.com.br/blog/top4-dangerous-attachments-2019/11959/
Translated from: https://www.perallis.com/news/quais-sao-os-quatro-tipos-de-arquivo-mais-perigosos