17/08/2018
Many websites publish lists of file types which are potentially dangerous when received as an attachment to an email.
While most of these lists are correct and the file types on them should be avoided, unfortunately this is not the full picture.
ALL EMAIL ATTACHMENTS ARE POTENTIALLY DANGEROUS REGARDLESS OF FILE EXTENSION.
This is for several reasons.
The main reason is that Windows by default hides file extensions, so when you receive an email with what is allegedly an image file, perhaps with a name like “my dog.jpg”, unless you have “show known file extensions” enabled, you do not know whether it really is a jpg or png file, and it is very possibly a malware file that is actually named my dog.jpg.exe. By default Windows hides only the final extension, so the malware file that is actually named my dog.jpg.exe looks like an innocent file called my dog.jpg.
Take a look at the 2 screenshots below this article of the same exe file that has a faked icon that makes it look like it is a jpg.
Many people rely on the icon to tell whether a file is legitimate or safe when the last file extension is hidden. With the .exe hidden, which is the Windows default, the vast majority of people would assume that the second image is a genuine jpg (photo), double-click it to open it and consequently get infected.
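The double-extension disguise described above can be checked mechanically, for example at a mail gateway or during triage. The following Python is an added example, not part of the original article; the extension sets, function names and sample message are assumptions constructed for illustration, and a clean result only means this one disguise is absent, not that the attachment is safe.

```python
import ntpath
from email import message_from_string, policy
from email.message import EmailMessage

# Illustrative, incomplete extension sets (assumptions, not from the article).
RUNNABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}
LOOKS_HARMLESS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".xls", ".txt"}

def displayed_name(filename):
    """Name as shown when the final extension is hidden (assumes it is a known type)."""
    stem, ext = ntpath.splitext(filename.strip())
    return stem if ext else filename.strip()

def is_disguised(filename):
    """True when a hidden runnable extension follows a harmless-looking one."""
    stem, last = ntpath.splitext(filename.strip().lower())
    shown = ntpath.splitext(stem)[1]
    return last in RUNNABLE and shown in LOOKS_HARMLESS

def scan_message(raw):
    """Return (real name, displayed name) for each disguised attachment."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name and is_disguised(name):
            findings.append((name, displayed_name(name)))
    return findings

def build_sample():
    """Constructed test message; the attachment bytes are placeholders."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Photos"
    msg.set_content("See attached.")
    for name in ("my dog.jpg.exe", "holiday.jpg", "report.v2.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for real, shown in scan_message(build_sample()):
        print(f"DISGUISED: shown as {shown!r}, really {real!r}")
```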
The other file extensions that are considered safe can be equally dangerous, if not more so. All Office files, including DOC, XLS and PPT, can and frequently do contain malicious macros and/or embedded OLE objects, which is a very common method of spreading malware. Adobe PDF files are equally dangerous, with numerous exploits and embedded malware content. Adobe Reader comes with support for JavaScript embedded in PDF files. Hackers can simply add malicious JavaScript code to a PDF file to exploit this vulnerability. When you open the PDF file, the malicious JavaScript gets executed and installs malware on your computer, all without you knowing it.
NO file extensions are ever automatically safe when received either by email or when asked to download via a web link. You should always TREAT EVERYTHING AS SUSPICIOUS.
There are manual ways to test attachments, such as never opening an attachment directly from the email or the web link, but rather saving the attachment to a folder on your PC and then scanning it with your antivirus. If your antivirus doesn’t find any malicious content, double-check by uploading the file to virustotal.com, where over 50 antivirus scanners will check the file for you.
We all know expecting users to perform the above manual steps on every attachment is never going to happen.
The best solution is to IMPLEMENT A STRONG EMAIL SECURITY SOLUTION.
Spamina's Cloud Email Firewall is designed to detect spam, phishing, malware and viruses in real time using advanced patterns and classification techniques. As a result, exposure to zero-day attacks and advanced persistent threats is kept to a minimum.
In addition, Spamina's Advanced Threat Protection (ATP) solution includes Sandboxing 2.0 technology as well as premium antivirus, which allows emails to be analysed in the Spamina sandbox every time the user accesses the email. In this way, any threat the user receives by email, even one that has evolved over time, is analysed in real time, so that mail is delivered clean of malware. If malicious content is detected, the user receives a notification of the incident and the email is isolated in the Spamina cloud.
ATP is a scalable solution that can be contracted for the entire domain or only some users in the company. Its implementation is a simple process that is done without interfering in the activity of the employees, guaranteeing the continuity of the business and that there are no drops in the productivity of the company.