Identifying dangerous file attachments

Question

How do I know if an e-mail file attachment is dangerous or not?

- Samuel

Answer

This question was answered on May 28, 2010. Much of the information contained herein may have changed since posting.

This is one of those questions that has an answer that’s a moving target, mainly because the tactics used by those with malicious intent constantly change.

In general, you should consider all file attachments to be dangerous, but the reality is that on occasion, you may have someone send you a legitimate file via e-mail.

The old advice of ‘never open a file attachment from someone that you don’t know’ is completely useless these days. The bad guys heard this advice being harped over and over again, so they came up with a way to make it look like a file was being sent by someone you know.

These days, just about anyone that is fooled into opening a malicious file attachment becomes a virtual ‘Typhoid Mary’ because their infected computer will start silently sending out the infected e-mails to everyone in their address book.

The twist, however, is that these messages are sent with a ‘spoofed’ sender in the From: field that is randomly chosen from the infected computer’s address book.

The evil logic in the scheme is that by randomly choosing someone in your address book, it’s likely that others in the same address book will be acquainted and the recipient will assume that the file attachment is legitimate since it appears to be from someone they know.

To make things worse, if the recipient discovers that the message is tainted, they warn the purported sender that their computer is infected, when in fact it isn’t.

This spoofing technique makes it very difficult to figure out who actually sent the message and more importantly much more difficult to alert the infected party that they have been compromised.

There are some very big red flags that everyone should always be on the alert for when it comes to these types of messages.

The first is improper grammar or lots of misspelled words. Many of the hackers that operate in this world are in foreign countries and do their best to replicate the English dialect, but generally speaking (if you are watching for it) you can easily sniff out suspicious messages just by examining the Subject or message body text.

As I said earlier, you should assume that all file attachments are dangerous, but there are some file types that absolutely should never be opened when sent via e-mail (unless you have prior knowledge that the exact file name and type is being sent by a specific user).

If you ever see a file with the .EXE, .ZIP, .COM, .VBS, .JSE or .BAT extensions, you should never open them, regardless of who they supposedly came from.

While these are the most commonly used by scammers, there are plenty more file types that can allow malicious code to run in the background if you fall asleep and open them (Outlook blocks 89 different file types by default: http://bit.ly/cSPM0Q).
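As an added example (not part of the original column), here is a small Python check that parses an e-mail message the way a mail filter would and flags any attachment whose extension is on the never-open list above; the extension list is the column's, while the sample message, its sender addresses and its attachment names are constructed for this example.

```python
import os
import email
from email import policy
from email.message import EmailMessage

# Extensions the column says should never be opened when they arrive by e-mail.
NEVER_OPEN = {".exe", ".zip", ".com", ".vbs", ".jse", ".bat"}


def risky_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of attachments whose extension is in NEVER_OPEN.

    The comparison is case-insensitive and uses only the final suffix, so
    "Invoice.EXE" and "photo.jpg.vbs" are both flagged.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    # iter_attachments() skips the message body and yields only attachment parts;
    # a single-part message with no attachments yields nothing.
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue  # unnamed part: nothing to match an extension against
        ext = os.path.splitext(name)[1].lower()
        if ext in NEVER_OPEN:
            flagged.append(name)
    return flagged


def build_sample() -> bytes:
    """Build a constructed sample message: one harmless and three risky attachments."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"     # constructed address
    msg["To"] = "samuel@example.com"       # constructed address
    msg["Subject"] = "Photos from the weekend"
    msg.set_content("See attached.")
    msg.add_attachment("just some notes", filename="notes.txt")
    msg.add_attachment(b"MZ-placeholder", maintype="application",
                       subtype="octet-stream", filename="Invoice.EXE")
    msg.add_attachment(b"PK-placeholder", maintype="application",
                       subtype="zip", filename="pics.zip")
    msg.add_attachment(b"script-placeholder", maintype="application",
                       subtype="octet-stream", filename="photo.jpg.vbs")
    return bytes(msg)


if __name__ == "__main__":
    print(risky_attachments(build_sample()))
```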

Equally important, for those that are in the habit of sending file attachments, changing how you exchange legitimate information with your trusted circle will help reduce the confusion.

For instance, instead of sending pictures via e-mail, post them on a public or private photo sharing site like http://Flickr.com or http://Shutterfly.com and send a simple message with an invitation to view the images online.

If you exchange a lot of documents, consider using Google Docs (free) as an online collaboration site, which also eliminates the need to remember who has which version of a document, or set up an account at http://Box.net or http://Drop.io as a private online file sharing system amongst your trusted circle.

If everyone stopped using e-mail to send legitimate files, then we could all ignore anything that came via an e-mail message forever (so please send this column to those in your life that send lots of files via e-mail!)


Author

Posted by Ken of Data Doctors on May 28, 2010