While legitimate documents may be sent with a password protected file, it is very unlikely that the mail will CONTAIN the password.
Attackers will do this because, if an infected file is encrypted and protected with a password, virus scanners will not be able to detect the infection.
Early this morning a small malware campaign started up claiming to be daily customer statements from “Berkeley Futures Limited” (real company, but messages are spoofed). The payload was an attached .zip file that was password protected. The password was displayed right in the original message body for the recipient though, which should be a red flag to users. A file will normally be encrypted when a password is used, making scanning inside an archive for malware not possible unless a user inputs the password on their computer to extract it. This can make filtering files like this tricky, but not impossible.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.