Watch out for phishing emails that inject spyware trio An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information. Researchers with Fortinet's FortiGuard Labs threat intelligence unit have been tracking this mailspam campaign since May, outlining how three remote …
That sentence puzzled me. Even if you're using Outlook/Office365, you open mails in Word, not in Excel.
"an email arrives with an Excel file that contains malicious macros"
That is the proper sequence of events. You get a mail from someone you've never met, download the attachment and leave your brain dead while you double-click it and ignore all warnings.
Because of course I'm going to open this attachment from some random stranger I've never met. He sent me this file, it must be important. What's the worst that could happen ?
Oh.
I'm guessing here as it's absolutely ages since I've used MS mail clients or allowed macros in Office documents, but maybe if 'attachment preview' is enabled in the mail client and macros are permitted to execute in Excel by default, the Trojan might activate without any user intervention other than opening the email itself.
If so, security is once again antithetical to convenience.
"Because of course I'm going to open this attachment from some random stranger I've never met."
YOU probably won't do that unless the file content is obsfucated in some way and your OS somehow allows what appears to be a simple text file to invoke Excel. But if you have any significant number of employees, it's almost certain that a few of them can be prevented from doing so only by denying them access to email and/or Excel or by amputating their fingers.
But email is a normal hazard these days, we see infections delivered in attachments daily. This is the email environment ... it's nothing new. Here's a monastery sig when this first started years ago ... "I would like to shake the hand of the man who first decided that e-mail clients should slice, dice and run arbitrary programs. Then I'd like to stir, blend and puree his hand.
These days "security" is just a feature, not a requirement.
The I Love You malware or it might have been Melissa that was widespread around 2000 hit where I was working at the time. The down tools and don’t touch your PC message that was sent around verbally by managers was too late. Personally I didn’t have the preview window on Outlook set up but a lot of people did and therefore opened the email unintentionally. What made us laugh was the instruction from our lord and master (aka the boss) that he and his team were going to have an offsite meeting and he then marched us out of the offices. He decided we should have this meeting in a local pub and instituted a maximum drink rule. We needed to be sober if they had rid us of the bloody thing faster than we expected.
And with that, keep in mind that nowadays software isn't really helping. I mean, look at the way that MS is blocking IMAP access/ use of their whole Outlook/ Calendar/ Teams invite system. If you have somebody on IMAP, they don't get a workable invite, but just a silly message to go "change your settings". No details of the meeting/ call, you know, your actual work. And god forbid, no compliant ics. Nooooo, just "use our eco system". Ah well, productivity software...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
