You’re busy, so I’ll say this fast and loud: DON’T OPEN UNEXPECTED ZIP FILES THAT ARRIVE AS EMAIL ATTACHMENTS. Suddenly, there are a lot of them around.
The emails arrive in typical fashion. One promised me a “confirmation letter.” A more clever version offered a travel expense sheet. The most believable says, “voice message from outside caller.”
Well-configured spam and security software should protect organizations from this attack. So why are spammers suddenly adopting the technique again?
According to security training center and think tank The SANS Institute, spammers realize that many organizations, by now, have effective filtering practices that minimize the chance of an employee’s computer getting infected by this type of attack. However, the spike in .js malspam indicates enough of this bad stuff is leaking through to make it profitable for criminals.
Akin to the IRS scam, which just keeps working and working, infected zip attachments are popping up all over because they work.
Here are the essentials of the SANS analysis:
- This malspam appears to target Windows computers.
- The user must open the zip attachment, extract the .js file, and manually run the .js file.
- A properly administered Windows host using software restriction policies should prevent an infection.
- A properly administered spam filter will prevent this type of malspam from reaching the recipient’s inbox.