Dangerous attachments: What’s lurking behind a harmless-looking file?
Monday, April 4, 2022
Attackers are on the alert even when the whole world is busy with other problems. Moreover, cybercriminals become more active at a time when users are less vigilant. Now, it is especially important to monitor incoming traffic — after all, in a huge volume of information, it is so easy to miss a malware-laced email! The Anti-virus Times project reminds users about the rules for working safely with their email.
Why it is important not to open attachments to suspicious emails
Most malware gets onto computers due to user carelessness. For many years, dangerous emails have been distributed to email addresses with alarming regularity, so, in 2022, it is worth continuing to be careful when working with email and other messages.
Anyone can receive emails containing malicious attachments. To become a potential victim of scammers, a user just needs to publish their email address somewhere on the Internet. However, the price of this mistake may vary. It is one thing when a home computer is infected and entirely another when such an email reaches your corporate email address. In that case, there is a risk that the company's internal servers will be compromised. In many cases, lost or leaked data cannot be restored. A single opened email message can be costly for a company.
Therefore, users should think twice before downloading an attachment that’s been sent to their email address.
What are dangerous attachments?
You should bear in mind that any link or file sent by an unknown sender is potentially dangerous. The most diverse malware can be hidden in such attachments. For example, we regularly discover various files, including PDF documents, among mail threats that hide backdoors and downloader trojans. More detailed information about popular threats can be found in our annual virus activity review.
Particular attention should be paid to .scr files. Usually, these are executable files that can run a malicious script just as a normal .exe file can. Potentially malicious software can be opened using Dr.Web vxCube. This is a cloud analyser that runs a file in a sandbox to show what might have happened to a user’s computer, but didn't. Based on the results of this check, the analyser will decide whether or not the file is clean.
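The point about .scr files can be turned into a simple pre-delivery check. The following is an added example, not Doctor Web code: it walks the attachments of a raw email and flags executable extensions such as .scr, document-style double extensions, and content that begins with the Windows PE "MZ" header regardless of its name. The extension lists, function names and sample message are assumptions made for this illustration, and the double-extension and header checks go beyond the .scr case the text describes.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for this example; tune them to your own mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}

def inspect_attachment(filename, payload):
    """Return the reasons an attachment deserves scrutiny (empty list if none)."""
    reasons = []
    suffixes = [s.lower() for s in PurePosixPath(filename.strip()).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {last}")
        # A document-looking name that really ends in an executable extension.
        if len(suffixes) > 1 and suffixes[-2] in DOCUMENT_EXTS:
            reasons.append(f"double extension {suffixes[-2]}{last}")
    # Windows PE files (.exe and .scr alike) begin with "MZ", whatever the name.
    if payload[:2] == b"MZ":
        reasons.append("content starts with PE 'MZ' header")
    return reasons

def scan_message(raw):
    """Map each attachment name in a raw RFC 5322 message to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        findings[name] = inspect_attachment(name, payload)
    return findings

def build_sample():
    """Constructed sample message; the attachment bytes are harmless stubs."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg.set_content("Please see the attached document.")
    stub = b"MZ" + b"\x00" * 32
    msg.add_attachment(stub, maintype="application", subtype="octet-stream",
                       filename="payment_order.pdf.scr")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf",
                       filename="agenda.pdf")
    msg.add_attachment(stub, maintype="image", subtype="jpeg", filename="photo.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", reasons or "no findings")
```

A check like this only triages by name and first bytes; anything it flags still needs a real scan or sandbox run.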
We studied this situation in one of our issues of the Anti-virus Times. There we described in detail what happens when a user runs a suspicious file. This was one of the cases in which a “corporate email message” turned out to be a scam. A seemingly innocuous corporate email was sent, but instead of being an unremarkable document, it contained a dangerous Dimnie trojan. It can steal money from legal accounts by spoofing payment orders in popular accounting applications.
How to protect yourself
Of course, first make sure that the SpIDer Mail and SpIDer Guard monitors are enabled in your Dr.Web. This will allow you to secure your device if an attachment has been downloaded. However, the best way to avoid downloading potentially malicious software is to use scanning services if you believe that a file or a link may be dangerous.
A suspicious site can be checked using the URL filter. Simply copy the link and paste it into the input field to get the following information: whether the site contains malware, whether it is present in the database of unwanted webpages, and whether it redirects to other resources. Anyone can use the service without having a licensed distribution of Dr.Web.
As technology has developed, fraudsters have added social network groups and conferences to their targets. But here as well, Doctor Web fights for the anti-virus security of its users. We have designed a Telegram bot that can check links and files in real time. Just contact it: @DrWebBot. Read more about Dr.Web bot for Telegram here.
A similar bot is also available for VKontakte. DrWebbot for VK also allows users to check links and files. Users can send a message to the bot or add it to their chat. In the second case, the bot will be able to instantly check all incoming links and files to protect chat participants. Documents, as well as links and attachments from comments and posts, should be checked. At the same time, the bot does not analyse images because VKontakte pre-compresses all uploaded JPG images and does not save their originals. Virus databases and the Dr.Web Cloud are used during the scanning process, which makes it possible to monitor and neutralise the latest threats that may appear in messages.
The Anti-virus Times recommends
- Don't open suspicious emails.
- Delete and never download attachments sent by unknown senders.
- If possible, check emails using bots.
- If an email contains a link, check it using the URL filter.
- Be vigilant. Fraudsters may try to pretend to be your friends, acquaintances, or colleagues.
- Use Dr.Web products to check your email messages for potentially malicious software.