The user thinking the file is an innocuous picture, clicks on the file, and executes the underlying executable. jpg) Windows will in most cases, display the file to user with only the. exe) and the other an image file extension (ex. Two methods (among many others) to embed malware in images attached to emails are the double file extension and through steganography - hiding data within other data.Ī malicious individual can use a double file extension with one file extension being an executable (Ex. I work in IT Security profession so can answer from experience. Yes this is possible and fairly routinely used by malicious individuals. Ensure you use up to date email clients, or use online web based email.Do not open emails from unknown/unfamiliar emails, or emails sent at unexpected hours.A follow up is to request text-only emails.You can see more about this in the last two links.Įasy ways to safe guard yourself from email malware: Some AVs do not scan these files, some do.ĭepending on the operating system, malformed images can also be spread through emails, which allows code to be executed. For example, you can place files inside a PDF file which can house other files. ![]() It is more common place to see attachments within attachments. Again, this is on of the many parts that allowed ILoveYou to spread with ease. The critical part as other answers have brought up is that double extensions can trick users into thinking an attachment is safe to open. Some attacks are sophisticated to use HTML code to attack the email client (which are popular in enterprises/corporations). Still, it's used to some degree, especially with spear phishing and whaling attacks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |