Connect with us

Hi, what are you looking for?

Biz Solutions

Targeted attacks deliver disassembled malware – Symantec

Symantec recommends that network administrators filter out the shortcut filetype at the gateway of the network as there are no practical reasons for emails to contain shortcut files in normal circumstances.

Shortcut files are fast becoming a common vehicle used in targeted attacks to deliver malware into organizations. Symantec has observed a variety of ways that shortcut files are being used to penetrate networks because they allow for evasion in threat detection by security products.

In this latest example, an email is circulated with an attachment and a shortcut file which is used to reassemble the malware. The email used for this attack included an archive file as an attachment, which contains a shortcut file with an icon of a folder, along with a real folder containing a Microsoft document file and two hidden files with .dat file extensions.

Keen users will have noticed that only one of the two Summit-Report folders is an actual folder, with the other being a shortcut file. A look inside the Summit-Report 1 folder reveals the components of the malware file. However, clicking on the shortcut will execute the assembling of the malware.

SymantecShortcut files are typically simple and cost efficient to use by cybercriminals. They do not require the use of exploits, which can be more resource intensive and also requires the victim’s computer to be vulnerable. Icons can easily be made to look like folder or document files. Once an attacker prepares the malicious files, they then only have to write one line of script and the attack is ready.

Symantec recommends that network administrators filter out the shortcut filetype at the gateway of the network as there are no practical reasons for emails to contain shortcut files in normal circumstances. Recipients should also remain vigilant and look out for emails with suspicious files and only open these files when they receive it from someone trustworthy.

Advertisement. Scroll to continue reading.

For more information, please proceed to the Symantec Security Response blog post or follow us on Twitter at @SymantecASEAN.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Smart and its value brand TNT do not send text messages with clickable links. If you receive one—even if it looks like it’s from...

SOFTWARE

With the new Spatial Gallery app, users have access to a curated collection of spatial content spanning art, culture, nature, sports, and more. visionOS...

White Papers

n the Philippines, industry players are taking a more proactive approach to building a security framework for digital resilience.

HEADLINES

This marks the company’s first participation in the region’s premier tech event, where it will showcase its groundbreaking cybersecurity solutions to industry leaders, innovators,...

HEADLINES

A report found that the primary way attackers gained initial access to networks (56% of all cases across MDR and IR) was by exploiting...

White Papers

The Department of Information and Communications Technology (DICT) reports that government agencies, academic institutions, and telecommunications companies remain prime targets for cyber criminals, with...

HEADLINES

The exploit, discovered by Kaspersky’s Global Research and Analysis Team (GReAT), required no user interaction beyond clicking a malicious link and demonstrated exceptional technical...

HEADLINES

At the end of 2023, Sophos X-Ops noted a significant increase in ‘remote encryption’ attacks – where ransomware attackers breach a compromised and often...

Advertisement