
Underneath E-mails: Dangerous Attachments

You already know it and we’ve said it plenty of times: never open e-mail attachments or links from unknown senders. Your curiosity can lead you to the darkest Internet corners faster than you think. Today, we continue the ‘Underneath E-mails’ series with a new e-threat: dangerous attachments.

1. What is a malicious attachment?

The first purpose of malicious or dangerous attachments is to make users believe in their legitimacy. They often pose as PDFs, Word documents, JPG images or other types of files, but actually host and hide malicious code, usually Trojans.

2. Action method

Let’s take the example of an e-mail that tricks us into believing we received plane tickets from British Airways. The message is supposed to confirm that we completed the transaction. Tickets we haven’t paid for and received? Great! When do we leave? Unfortunately, not too soon, as these tickets take us to Neverland.

The e-mail attachment is an .htm file, allegedly our airplane route. Though it doesn’t look too dangerous, it hides JavaScript code that executes when the file is opened. The web site it redirects to is packed with an exploit kit that searches for vulnerabilities on the computer.

In the case of our test computer, the exploit kit used a Java flaw that affected the JmxMBeanServer (CVE-2013-0422). This vulnerability has been patched, but users should remember to keep their software updated. To test the exploit kit on a vulnerable computer, we didn’t run the Java update. Once the flaw was detected, an encrypted file was downloaded and the infection of the system began. In this case, a Trojan was installed on the machine, where it waited for instructions from the attackers, who had now taken control of the computer.
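
The following Python check is an added example, not part of the original analysis: it parses a raw message, picks out .htm/.html attachments like the one described above, and reports the script tags, meta refreshes and script redirects that make such a file act when opened. The names ActiveContentFinder and scan_message and the sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

# Script statements that send the browser from the local file to a remote site.
NAV_RE = re.compile(r"location(\.href)?\s*=|location\.(replace|assign)\s*\(", re.I)

class ActiveContentFinder(HTMLParser):
    """Records HTML features that run code or redirect when the file is opened."""
    def __init__(self):
        super().__init__()
        self.findings, self.in_script = set(), False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.in_script = True
            self.findings.add("external-script" if a.get("src") else "inline-script")
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.findings.add("meta-refresh")

    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"

    def handle_data(self, data):
        if self.in_script and NAV_RE.search(data):
            self.findings.add("script-redirect")

def scan_message(raw):
    """Map each HTML attachment's filename to its sorted list of findings."""
    report = {}
    for part in message_from_string(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if name.lower().endswith((".htm", ".html")) or part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", errors="replace")
            finder = ActiveContentFinder()
            finder.feed(body)
            finder.close()
            report[name] = sorted(finder.findings)
    return report

# Constructed sample message (not the e-mail analysed in this article).
SAMPLE = "\n".join([
    "Subject: Your e-ticket", 'Content-Type: multipart/mixed; boundary="b1"', "",
    "--b1", "Content-Type: text/plain", "", "Your route is attached.",
    "--b1", 'Content-Disposition: attachment; filename="route.htm"',
    "Content-Type: text/html", "",
    '<html><script>window.location = "http://redirect.example/";</script></html>',
    "--b1--", ""])
print(scan_message(SAMPLE))
```

A travel itinerary has no reason to contain any of these features, so a non-empty finding list on an HTML attachment is a reasonable trigger for quarantine or closer analysis.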

3. In a few words

The e-mail that promised us a free trip was, of course, too good to be true. However, it often happens that curiosity makes us open harmful files, even though we assume they are scammy. Cyber-criminals count on that eagerness to click “just to be sure” or see what an attachment hides. But malware infections are a click away after opening simple HTML files like this one.

Fortunately, an updated antivirus solution will prevent malicious files from infecting your computer.

4. How to detect malicious attachments

The first, and simplest, rule is never to open an e-mail attachment if the sender is unknown or unreliable. Don’t fall for e-mail subjects meant to trick you or pique your curiosity. There is no reason to get an unpaid bill via e-mail or airplane tickets by accident, and you probably haven’t won the Microsoft lottery yet. All e-mails that lure users to click on dubious attachments and links should make you raise an eyebrow, even if the antivirus solution will prevent malware installations on your PC.

There is no such thing as paranoia or too much vigilance. Even the name of the sender isn’t good enough to separate the fraud from the authentic, because some of your e-mail contacts may have also been compromised.

In most cases, scammers’ repertoires are redundant, and a simple search on the Internet will tell you if a message is authentic.

This article is based on the technical information provided courtesy of the Malware Analysts at the Bitdefender Labs in France.
