Beware of the FW: Daily Report Email

A recent email scam (instances here and here) is slithering its way into networks and compromising organizations' email security. What sets this malware outbreak apart from run-of-the-mill attacks is how easily users fall prey to it, because the email appears to come from a known sender.

Picture a regular work day in your office; you receive an email alert from a coworker with the subject line "FW: Daily Report" with a compressed document attached. Since the email is being sent from your coworker's actual email address, you think it’s just a helpful update and you proceed to unzip the file. But that’s when you notice the file type is not what you expected! 

The outbreak works by infecting a machine, then sending emails carrying the malicious attachment, usually masked as a .src file, to everyone in the user's address book. Because this is a new virus, most antivirus engines could not detect the threat immediately, or update their definitions quickly enough to at least flag the attachment as suspicious. If your company happened to be using one of the anti-malware engines that did not detect the attachment in time, the result could be significant downtime and lost worker productivity.

We ran a quick test here at OPSWAT and scanned the malicious file with Metascan Online to show how zero-day attacks can be prevented by leveraging multiple anti-malware engines. Below are the scan results from the malicious file:

3 engines detected

Initially, this file was only identified as a threat by three engines (VirIT, ByteHero and Norman).

20 engines detected

By the second day, the file had jumped to being detected by 20 anti-malware engines.

27 engines detected

On the third day, an additional seven engines detected the file as malicious.

28 engines detected

And by the fourth day, 28 anti-malware engines detected the file as a threat.

While it's easy to say the best way to prevent these types of attacks is to never open an email that seems suspicious, users can still be fooled into unknowingly opening a malicious email. Tests like the one shown above show the importance of multi-scanning, and how having the correct security solutions in place to detect malicious email attachments can limit the possibility of these outbreaks infecting your network.
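
Because signature coverage for this file took days to build up, a mail gateway can also check what a zip attachment actually contains, independent of any engine's definitions. The following is an added example, not OPSWAT's code or part of Metascan: it flags archive members that begin with the Windows executable (PE) magic bytes whatever their extension, plus an assumed blocklist of directly runnable extensions. The function names, the extension list and the sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed policy list (not from the article): types Windows will run directly.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def risky_members(zip_bytes):
    """Return (name, reason) for members that are executable by content or name."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encrypted: content cannot be inspected
                    hits.append((info.filename, "encrypted"))
                    continue
                with zf.open(info) as fh:
                    head = fh.read(2)
                ext = "." + info.filename.rpartition(".")[2].lower()
                if head == b"MZ":  # DOS/PE magic, whatever the file is named
                    hits.append((info.filename, "PE header"))
                elif ext in RISKY_EXT:
                    hits.append((info.filename, "risky extension"))
    except zipfile.BadZipFile:
        hits.append(("<archive>", "unreadable zip"))
    return hits

def inspect_message(raw):
    """Check every zip attachment in a raw RFC 5322 message."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True)  # None for multipart containers
        if payload and (name.endswith(".zip") or payload[:4] == b"PK\x03\x04"):
            findings += risky_members(payload)
    return findings

def build_sample(member_name, content):
    """Constructed message: 'FW: Daily Report' carrying one zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, content)
    msg = EmailMessage()
    msg["Subject"] = "FW: Daily Report"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="report.zip")
    return msg.as_bytes()
```

A non-empty result from `inspect_message` is a reason to quarantine the message for review; encrypted members are reported because their content cannot be checked at all.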
