New Malware Emphasizes Need to Train Employees to Be Cynical

By Wayne Rash  |  Posted 2015-10-28 Print this article Print
email malware

Next, I asked Norton Internet Security to scan the files. It reported no malware being present. Then I contacted Jerome Segura, a senior security researcher at Malwarebytes Labs, and asked him to take a look. His immediate response: "This is really bad."

Calling the delivery of malware through a JavaScript file an unusual means of delivery, Segura said, "This file is not a typical malware binary such as an executable that we would normally see. For this reason it may evade detection from traditional antivirus but also may fool users into thinking it is harmless."

Segura said that the script file would download three files disguised as GIF image files, but which when run would combine to become a serious malware infection. "This threat is interesting from many angles, and users should pay close attention to all kinds of files regardless of their extensions," he said.

This particular attack, despite the fact that it was unsuccessful this time, could have been effective elsewhere. The attackers spoofed a legitimate site that normally would be expected to send out emails with file attachments. The attachment took advantage of the default settings in Windows that suppress the display of extensions. The malware payload was simply a text file, so it wouldn't alert most antivirus software.

It might be impossible to prevent such an attack in every instance, but the impact of the threat can be reduced. But to reduce the impact of that threat, your employees must be trained, and you might need to retune your security software.

First, it's critical to train employees to be suspicious of all attachments, no matter how benign they might appear. What appears to be an amusing cat video might actually be disguising malware. Likewise, what appears to be a scanned fax could really be something sinister.

Second, it's important that you set up your mail system to block potentially harmful attachments. One problem with this is that many email systems (including Microsoft Outlook) will not block compressed files, and many won't block text files. The JavaScript file I received was presented as a text file within a compressed file, and neither my antivirus software nor Outlook detected it. However, I can set my mail server to block all attachments, and only allow them to be viewed online.

Finally, a good dose of cynicism, coupled with a certain level of thinking about what's appropriate for the office, will certainly help. Employees need to know that lots of messages professing undying love delivered to the company email are probably not work related. Filtering attachments at the server and helping employees detect threats are both necessary steps.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel