Beware of Email Attachments That Seem Harmless

Email Attachment Malware

Malware infections often enter networks through email attachments, and attackers are continually looking for new ways to disguise the malicious files. In the past, hackers have attached malicious JavaScript files to emails. When opened, these files would download and install malware (such as ransomware). More and more organizations are banning JavaScript email attachments — in fact, Google recently started blocking JavaScript attachments altogether in Gmail.

In response, hackers have started to switch tactics.

CSO Online (h/t iTech Post) summarized recent reports about new and growing malware attack methods, including hiding malware within attached LNK and SVG files. Researchers from the Microsoft Malware Protection Center discovered malicious LNK files hidden within ZIP archives attached to spam emails. Attackers also are using SVG files to spread malware.

LNK files, which are shortcuts to executables, are not very commonly used by most users, but they aren't typically considered risky either, and they may be difficult to detect if they're in a ZIP archive. The use of SVG files as an attack method is particularly troublesome — even security-savvy users think image files are innocuous, and SVG is a common file format regularly used by both corporate and private users. However, SVG files can be just as dangerous as JavaScript attachments. JavaScript can actually be hidden in images, and the script then executes when the SVG image is opened in a browser.

Image Malware

OPSWAT's data sanitization, or Content Disarm and Reconstruction (CDR), is perfect for cases such as these. SVG files can be converted to another image file type and sanitized in the process, removing any malicious content. Other MetaDefender technologies help in detecting and preventing these threats as well — MetaDefender's archive extraction technology, for example, can extract and scan ZIP archives for hidden malware, and file type verification blocks files disguised as other file types.

MetaDefender Email Security enables organizations to add a second layer of defense to their email systems by sanitizing all emails and attachments to remove exploitable content.

Sign up for Blog updates
Get information and insight from the leaders in advanced threat prevention.