securityresponsetargetedattacks01500
Malware

Security Response: Targeted Attacks Deliver Disassembled Malware

Shortcut files are fast becoming a common vehicle used in targeted attacks to deliver malware into organizations. Symantec has observed a variety of ways that shortcut files are being used to penetrate networks because they allow for evasion in threat detection by security products.

In this latest example, an email is circulated with an attachment and a shortcut file which is used to reassemble the malware. The email used for this attack included an archive file as an attachment, which contains a shortcut file with an icon of a folder, along with a real folder containing a Microsoft document file and two hidden files with .dat file extensions.

Keen users will have noticed that only one of the two Summit-Report folders is an actual folder, with the other being a shortcut file. A look inside the Summit-Report 1 folder reveals the components of the malware file. However, clicking on the shortcut will execute the assembling of the malware.

Shortcut files are typically simple and cost efficient to use by cybercriminals. They do not require the use of exploits, which can be more resource intensive and also requires the victim's computer to be vulnerable. Icons can easily be made to look like folder or document files. Once an attacker prepares the malicious files, they then only have to write one line of script and the attack is ready.

Symantec recommends that network administrators filter out the shortcut filetype at the gateway of the network as there are no practical reasons for emails to contain shortcut files in normal circumstances. Recipients should also remain vigilant and look out for emails with suspicious files and only open these files when they receive it from someone trustworthy.

PREVIOUS ARTICLE

« Intel pushes speed, reliability claims with unveiling of MXC cable

NEXT ARTICLE

Not quite Heinz: Intel's Avoton server chip comes in 13 varieties »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Poll

Do you think your smartphone is making you a workaholic?