Malware in Email Attachments - Which File Extensions are Dangerous?
SUMMARY: In this article, you will learn how to detect malicious email and how to protect yourself from having your home computer or corporate network attacked by malicious software such as viruses, trojans, or worms that are spread through email.
Most computer viruses are spread through email attachments. This is not surprising, as email has become one of the most important means of communication in the last few decades. In a matter of seconds, you can make appointments, send documents and handle private or business matters. However, just as quickly as communication works, enormous damage can be done.
Basic rules in dealing with email attachments
If you consider these three main rules, you can feel much safer in your daily email communication.
- Antivirus Program: An antivirus program that updates regularly and automatically recognizes some viruses and helps you detect problems. However, much malware slips past such programs, especially when the viruses or trojans are new and not yet known to those programs.
- Talk to the sender: To protect yourself if that program fails, you should always make sure that the attachment really came from the person or institution who seemingly sent it.
- Knowledge: It is helpful to be aware of some facts about file types and their extensions; which ones are more dangerous than others?
Make sure you can trust the origin of the attachment
You always have to be aware that it is not enough to know the person or institution that sent you an email attachment. Friends or companies could have been the victim of a data breach, which means that the perpetrator could have misused the stolen data for their own purposes. Even if there hasn’t been a data breach, it is simple for cybercriminals to fake email addresses. Therefore, you should always double-check whether the person really sent the attachment – maybe by a short call, an email reply or a quick WhatsApp text.
And more important: one does not often receive unexpected attachments. If you bought a product, you wait for the bill. If you receive an attachment named “bill”, but you are not really sure what you are supposed to have bought, just don’t click on it. Curiosity in itself is a great quality because it expands our horizons and brings us in touch with new things. But in this context, curiosity can be rather harmful. Curiosity and fear of financial harm are probably the two basic human traits that make cybercrime flourish.
Phishing in business emails: Emotet
The malware Emotet has been appearing in waves of attacks since 2014. The goal of this software is to paralyze entire IT systems. In some cases, ransom demands are made. Emotet is often spread by macros in Word files, which then load further malware. There are also versions in which the attachment is a .zip file.
With each wave of attacks, the emails become more successful because their language is closely tailored to the target group (companies and authorities). For this purpose, the sender addresses are faked in such a way that the email gives the impression of being internal communication.
The US Cybersecurity and Infrastructure Security Agency (CISA) warns: Increased Emotet Malware Activity
Which file types are less secure than others?
In addition to verifying the sender, you can also learn which kinds of files are more dangerous than others. In the list below we discuss some common file extensions and which file types are more prone to hosting malware, such as viruses, trojans and computer worms. Some extremely dangerous file types are blocked altogether by many mail programs, such as files with the extensions .bat, .exe, .vbs, .com, .ade, .adp, .cpl, .wsc, and many more.
.txt This type is generally harmless. But this notion has been taken advantage of in the past. In the year 2000 the computer worm I-Love-You spread rapidly across computers worldwide and caused an estimated damage of 10 billion dollars. This particular worm had the extension .txt.vbs, but the last extension was not displayed by most email programs. As a consequence, most people thought that they were dealing with the harmless .txt extension. As soon as they clicked on the attachment, the .vbs file was executed by the computer without any check for malware. Because of that costly incident, a .vbs file cannot be sent as an email attachment anymore. This case shows how important it is that your email program shows all of the file extensions.
.pdf PDF files are also considered harmless. However, there have been many security gaps in the most common program used to open PDF files – Adobe Reader. Because of those code vulnerabilities it is possible to transport malware onto your computer using PDF. As a consequence, even in the case of this relatively safe file type, it is very important to verify the sender.
.doc/.docx/.xls/.xlsx/.ppt/.pptx Opening Office documents from email attachments is problematic because of the risk of them containing macro viruses. To protect yourself from those kinds of viruses, you should make sure that the apparent sender is really the person who sent the file to you. Microsoft made a helpful change starting with Office 2007: From that point on, files without macros have the ending .docx. A .docm file contains macros and should be handled with care. Only with .doc files is it impossible to tell from the name whether the file contains macros.
Our tip: If you receive an email with a .doc attachment, ask the sender to resend the file – for example as .pdf.
.jpg The extension .jpg is often used as camouflage for an executable program. Therefore, it is important that your email program displays the complete file extension.
.zip/.rar Compressed files can contain viruses that become active as soon as you extract them. Open such a file only if you trust the origin of the email attachment; otherwise, do not open it.
.mp3 MP3 files are generally safe, but you should still trust the origin of the email containing them.
.wav Audio data in WAV format is, compared to MP3, not compressed, which means that this file type is more dangerous than MP3. It is easier to hide malware in a WAV file.
.mpg/.mpeg/.avi/.wmv/.mov/.ram We suggest not opening video files in HTML mails, since it is easy to hide malware in them.
.exe The extension .exe marks an executable file that can become active on your computer as soon as you open it, which means that it can create a lot of damage. Such a file should never be opened if attached to an email. The good news is that many email providers, such as Gmail or Outlook, block emails containing attachments with this extension completely.
.html HTML is the standard language used to create web pages. In this format, trojans and worms can be hidden easily. For that reason, many companies do not allow HTML mails on their servers at all.
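The filename rules from the list above can be checked mechanically before anyone clicks. The following Python code is an added example, not part of the original article: it parses a constructed sample message and flags blocked extensions, double extensions such as .txt.vbs, macro-enabled Office names, and executable content hidden under a harmless name. The function names, the .xlsm/.pptm entries and the "MZ" header check for Windows executables are assumptions of this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the article names as blocked by many mail programs.
BLOCKED = {".bat", ".exe", ".vbs", ".com", ".ade", ".adp", ".cpl", ".wsc"}
MACRO_ENABLED = {".docm", ".xlsm", ".pptm"}   # OOXML names that declare macros
LEGACY_OFFICE = {".doc", ".xls", ".ppt"}      # name says nothing about macros
ARCHIVES = {".zip", ".rar"}

def triage(filename, data):
    """Return a list of findings for one attachment (empty list = nothing flagged)."""
    suffixes = [s.lower() for s in PurePosixPath(filename.strip()).suffixes]
    last = suffixes[-1] if suffixes else ""
    findings = []
    if last in BLOCKED:
        findings.append("blocked-extension")
        if len(suffixes) > 1:                  # e.g. letter.txt.vbs
            findings.append("double-extension")
    # Assumption of this example: Windows executables start with the bytes "MZ".
    if data[:2] == b"MZ" and last not in BLOCKED:
        findings.append("executable-content-under-harmless-name")
    if last in MACRO_ENABLED:
        findings.append("macro-enabled-office")
    if last in LEGACY_OFFICE:
        findings.append("legacy-office-macros-unknown")
    if last in ARCHIVES:
        findings.append("archive-inspect-contents")
    return findings

def scan_message(raw):
    """Parse a raw RFC 5322 message and triage every attachment by full name."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {p.get_filename(): triage(p.get_filename(), p.get_content())
            for p in msg.iter_attachments()}

def build_sample():
    """Constructed sample message; names and bytes are made up for the demo."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "bill"
    msg.set_content("see attached")
    for name, data in [("letter.txt.vbs", b"' script text"),
                       ("photo.jpg", b"MZ\x90\x00 not a real image"),
                       ("report.docm", b"PK\x03\x04"),
                       ("notes.txt", b"hello")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, findings in scan_message(build_sample()).items():
        print(f"{name:16} {', '.join(findings) or 'no findings'}")
```

An empty result only means that none of these name and header rules matched; it says nothing about what a PDF, archive or legacy Office file actually contains.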
Detect dangerous e-mail attachments
An additional layer of security is to upload the file in question to the VirusTotal service, where the file contents are checked for malware. However, this test is not appropriate for files with secret or sensitive content, because the data being reviewed is shared with antivirus software vendors.
If you follow these rules, the risk of obtaining malware through email – this practical and indispensable means of communication – is greatly reduced. Strong antivirus software that is always up to date, making sure that you can trust the origin of the email, and a certain caution in dealing with problematic file types make it more difficult for cybercriminals to spread malware via email.
A Case of Malware in Email Attachments
Somebody called a beauty clinic and stated that he was a patient. That was nothing unusual for the receptionist. When the caller reported problems after his surgery, she agreed to forward his email with photos of his problem to the doctor. This way, a virus got onto the surgeon's computer. As a result, large amounts of extremely sensitive patient data were leaked. How could the beauty clinic have protected itself against this attack? Read more in our interview with social engineering expert Lisa Forte.