Browse archive

Latest news

(IN)SECURE Magazine issue 34 released

Romanian hackers arrested for hitting government websites

17% of the world's PCs are unprotected

Dissecting modern privacy concerns

DNS-changing Trojan leads to phishing banking sites

Olympics fans targeted with lottery scam

WikiLeaks founder Assange loses extradition appeal

Security and privacy in the AWS cloud

UFED Touch: Field-ready mobile forensics solution

Securing the Virtual Environment

Flamer removal tool from Bitdefender

Hack In The Box conferences

Beware of password-protected documents carrying malware

Posted on 29.12.2011

Password-protected malicious attachments delivered via email are not a new occurrence - we have recently witnesses the tactic being used in the so-called Nitro attacks.

But while thusly delivered files have often been archive ones, Symantec researchers have recently spotted malware masquerading as password-protected document files - Word documents, spreadsheets, Powerpoint presentations and PDFs - being delivered as well.

"Passwords for document files are commonly used to prevent unauthorized access to the files by encrypting them with passwords. However, attackers are misusing the password feature to encrypt files, most likely to make it difficult for security products to detect them as malware," say the researchers. "It also makes reverse-engineering the files difficult because they need to be decrypted before analysis can be performed."

As the contents of the files in question are encrypted, some AV solutions might not recognize them for what they are immediately but only after they are opened with the password. Still, users are advise to be careful when they are faced with such attachments and to check the legitimacy of the emails carrying them before considering opening them.