It’s very easy these days to be misled into installing a piece of malware onto our computers, no matter how careful we seem to be. In the light of recent attacks based on Microsoft Word vulnerabilities, we need to be extra careful with document attachments that appear to be from friends or companies that we are used to dealing with.
At J&T designs we use a company called 123-Reg to register domains for both our and our clients’ websites. These are usually set to auto-renew by direct debit so that we never ‘lose’ a site. Whenever this happens we get an email with an invoice attachment. Yesterday we got a couple of emails that I wasn’t expecting, as I wasn’t aware of any automatic renewals being due. This set alarm bells ringing in my head, so I downloaded the attachment and uploaded it to VirusTotal. This is a very useful free tool, available to everyone, that lets you scan any suspicious file with the latest version of over 50 separate anti-virus or anti-malware programs. At the time it was flagged as indeed containing the banking trojan Dridex – implicated in the above attacks – but only by 9/56 programs. (I repeated the scan this morning and it was detected by 33, so the anti-virus signatures are starting to catch up!)
This all illustrates a few points:
- Be very careful with emails even if they come from someone you know. These emails appeared to come from a company that we regularly deal with. They even copied the 123-Reg invoice numbering system.
- Don’t rely on anti-virus. It takes several hours or even a couple of days to catch up even on a new variant of an already known threat.
- Don’t put off software updates. Microsoft issued a fix for this last week. If I had used a non-updated version of Microsoft Word to open this type of document and my anti-virus hadn’t picked it up then my bank account contents could well be winging their way to Russia or China by now.
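
For readers who want to check an unexpected invoice email without opening the document in Word, the following is an added example (not part of the original post) that reads a saved email, lists each attachment, and computes its SHA-256 in memory so the hash can be searched on VirusTotal. The sender, recipient, subject, filename and attachment bytes are constructed placeholders, and the function names are hypothetical.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions of Office documents, the attachment type the post warns about.
OFFICE_EXTS = (".doc", ".docx", ".docm", ".dot", ".rtf", ".xls", ".xlsx", ".xlsm")


def build_sample_email() -> bytes:
    """Constructed sample: a fake invoice mail with a harmless placeholder attachment."""
    msg = EmailMessage()
    msg["From"] = "billing@registrar.example"        # constructed address
    msg["To"] = "accounts@customer.example"          # constructed address
    msg["Subject"] = "Invoice 0000000 (constructed sample)"
    msg.set_content("Please find your invoice attached.")
    msg.add_attachment(b"placeholder bytes, not a real document",
                       maintype="application", subtype="msword",
                       filename="invoice_0000000.doc")
    return msg.as_bytes()


def triage_attachments(raw_email: bytes) -> list:
    """Return filename, size, SHA-256 and an Office-document flag per attachment.

    The attachment is only decoded and hashed in memory; it is never written
    to disk, opened in an application, or executed.
    """
    msg = message_from_bytes(raw_email, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        results.append({
            "filename": name,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "office_document": name.lower().endswith(OFFICE_EXTS),
        })
    return results


if __name__ == "__main__":
    for item in triage_attachments(build_sample_email()):
        print(item)
```

To use it on a real message, save the email as an `.eml` file and pass its bytes to `triage_attachments`.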