E-MAIL - SECURITY - 28.03.2014

How to recognise dangerous e-mail attachments

Most malware still gets onto your computer because you click on an e-mail attachment too quickly and without suspicion. How can you tell whether an attachment is safe?

Who sent the e-mail?

It goes without saying that you should first check who the sender is. If it’s someone you don’t know, you should be extra cautious. However, someone you know could also send you a bad e-mail if their computer has been infected. If you don’t trust their attachment, e-mail them to ask if they have sent it. If you receive an e-mail from an online shop or mail-order company asking you to install a program, for example to be able to follow up an order, you can safely assume that it’s malware: reliable suppliers will never ask you to install any program.

Dangerous extensions

A filename ending in exe is definitely a program, and you should therefore think twice before opening it. However, files ending in msi, bat, com and cmd also contain executable code and shouldn’t be opened without checking. Fortunately, most Internet providers and company e-mail servers scan incoming e-mails by default and remove such attachments automatically. However, you shouldn’t rely on this service blindly.

Files which contain only images, video or audio and end in gif, jpg or jpeg, tif or tiff, mpg or mpeg, mp3 and wav are harmless.

Note: watch out for files with a dual extension, such as photo.gif.exe. It may look like a gif image at first sight, but in reality it’s a program, and it therefore almost certainly contains malware.

Also watch out for Microsoft Office documents: docx, xlsx and pptx are harmless, but docm, xlsm and pptm may contain macros and hence constitute a risk. PDF files can be dangerous as well, at least if you don’t keep Adobe Reader (http://get.adobe.com/uk/reader) up to date.

Watch out for archives

To avoid detection by antivirus scanners, some attachments are sent as a compressed file containing one or more files. You can recognise such a compressed file by the extension zip, rar or 7z. If you’re in doubt, simply delete the message, or open the compressed file cautiously in order to check its contents.
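
As an added example (not part of the original article), the Python code below applies the extension checks from the two sections above to every attachment of a message, and lists the file names inside a zip archive without extracting anything. The function names, verdict labels and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension groups exactly as the article lists them.
GROUPS = {
    "executable": {"exe", "msi", "bat", "com", "cmd"},
    "macro-document": {"docm", "xlsm", "pptm"},
    "archive": {"zip", "rar", "7z"},
    "media": {"gif", "jpg", "jpeg", "tif", "tiff", "mpg", "mpeg", "mp3", "wav"},
}

def classify(filename):
    """Judge a filename by its LAST extension, ignoring case."""
    parts = filename.lower().rstrip(". ").split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    verdict = next((v for v, exts in GROUPS.items() if ext in exts), "other")
    # photo.gif.exe: a media-looking inner extension hides a program
    if verdict == "executable" and len(parts) > 2 and parts[-2] in GROUPS["media"]:
        return "double-extension"
    return verdict

def triage(raw_message):
    """Map every attachment name (and every zip member name) to a verdict."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        report[name] = classify(name)
        if name.lower().endswith(".zip"):
            try:  # list member names only; nothing is extracted or run
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    for member in zf.namelist():
                        report[name + "/" + member] = classify(member)
            except zipfile.BadZipFile:
                report[name] = "unreadable-archive"
    return report

def build_sample():
    """Constructed test message; every attachment body is dummy bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.docm", b"dummy")
    msg = EmailMessage()
    msg.set_content("See attached.")
    for name, data in [("photo.gif.exe", b"x"), ("holiday.jpg", b"x"), ("order.zip", buf.getvalue())]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns one verdict per attachment plus one per file found inside the zip. Only the zip format is inspected, because the Python standard library has no reader for rar or 7z.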

In case of doubt: scan the attachment

If you think an attachment is suspicious, the fastest and safest solution is to delete the entire e-mail message. However, to avoid this drastic solution, you can first submit the attachment to VirusTotal (https://www.virustotal.com), a Google service. You should first save the attachment locally and then upload the file to the service so that VirusTotal can scan it. If the attachment is a pointer to a file, e.g. a link to a file on Dropbox, you can have this file inspected by VirusTotal by entering the URL concerned. Needless to say, you can also use your own antivirus tool to scan a suspicious attachment.

Infected by an e-mail message itself?

You can rest assured that you can’t become infected just by opening the e-mail message itself, as it just consists of text (plain text or HTML). If the HTML contains any JavaScript code, every modern e-mail client will prevent it from being executed automatically. Web services such as Gmail or Outlook.com also block JavaScript by default.

A good piece of advice: even if you have good antimalware software installed, be wary of e-mail attachments, especially when sent by unknown senders. If an attachment looks too suspicious, delete the entire e-mail immediately.

© Indicator - FL Memo Ltd
