Password protected does not equal safe
He cites the recent spam campaign that targeted users from an Italian bank, which used elements of phishing and attempted to steal credit card information. "The email featured an attachment, an HTML document that asked for a password when clicked on. Of course, the password was provided in the text of the email itself and was used to decode the payload containing the HTML code of the campaign."
Once the password is entered, the HTML code is decoded and the phishing website revealed. "The threat actor behind this campaign relied on people believing that if something is protected by a password, it follows that it is legitimate. However, this is clearly not the case."
Malware attachments
Another example of the password being used for nefarious purposes, he said, is a similar campaign that employed malware attachments. "In this case, the cyber crooks used social engineering to trick their targets into downloading and installing malware. This is where the password comes in," he explained.
"The attachment itself was protected by a password that, again, was included in the body of the email. As password-protected archives cannot be scanned by anti-malware products, as this would mean automatic unpacking breaking the password protection, they bypass email security gateways, even though they can be riddled with malicious code."
The takeaway here, he said, is that although disguising malware in password-protected files is not new, it remains an effective way to infect users and bypass security mechanisms.
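Both campaigns share one tell that a mail gateway can act on without ever opening the attachment: the attachment is gated by a password, and the same message hands that password out in plain text. The following is an added example written for this page, not code from the article or from any vendor product. It builds a constructed sample message (benign payloads, invented addresses and file names) with a password-prompting HTML attachment and an encrypted-flagged ZIP, then triages it. The ZIP check reads the general-purpose flag bit from the local file header, which is readable without the password; the HTML check looks for a password input combined with a large encoded string and client-side decoding, and the body check looks for a disclosed password. All three heuristics and their thresholds are assumptions chosen for illustration.

```python
"""Triage for the "password is in the mail body" lure: flags a message when an
attachment is password-gated AND the body discloses a password.
Constructed example; not the article's or any product's code."""
import email
import re
import struct
import zlib
from email import policy
from email.message import EmailMessage

ZIP_LOCAL_SIG, ZIP_CENTRAL_SIG, ZIP_EOCD_SIG = 0x04034B50, 0x02014B50, 0x06054B50
FLAG_ENCRYPTED = 0x0001  # bit 0 of the ZIP general-purpose flag

# Heuristics (assumed thresholds): a disclosed password, a password prompt,
# a long base64-looking string, and client-side decoding of that string.
PASSWORD_IN_BODY = re.compile(r"\bpassword\b\s*(?:is|:)\s*['\"]?([^\s'\"<>]{4,})", re.I)
PASSWORD_PROMPT = re.compile(r"<input[^>]+type\s*=\s*['\"]?password", re.I)
ENCODED_BLOB = re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]")
CLIENT_DECODE = re.compile(r"\batob\s*\(|\bdocument\.write\s*\(|charCodeAt\s*\(", re.I)


def zip_is_encrypted(blob: bytes) -> bool:
    """Walk local file headers; True if any entry has the encryption bit set.
    Handles stored entries without data descriptors, enough for the sample;
    a production scanner would read the central directory instead."""
    off = 0
    while off + 30 <= len(blob):
        sig, _v, flags, _m, _t, _d, _crc, csize, _u, nlen, xlen = \
            struct.unpack_from("<IHHHHHIIIHH", blob, off)
        if sig != ZIP_LOCAL_SIG:
            break
        if flags & FLAG_ENCRYPTED:
            return True
        off += 30 + nlen + xlen + csize
    return False


def html_is_password_gated(html: str) -> bool:
    """Password prompt + large encoded string + client-side decoding."""
    return bool(PASSWORD_PROMPT.search(html) and ENCODED_BLOB.search(html)
                and CLIENT_DECODE.search(html))


def triage(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and report gated attachments and any
    password disclosed in the body; suspicious when both are present."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    disclosed = PASSWORD_IN_BODY.search(body.get_content() if body else "")
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        if data.startswith(b"PK\x03\x04") and zip_is_encrypted(data):
            findings.append(f"{name}: encrypted archive, cannot be scanned in transit")
        elif part.get_content_type() == "text/html" and \
                html_is_password_gated(data.decode("utf-8", "replace")):
            findings.append(f"{name}: HTML asks for a password and decodes an embedded payload")
    return {"password_in_body": disclosed.group(1) if disclosed else None,
            "gated_attachments": findings,
            "suspicious": bool(disclosed and findings)}


def make_encrypted_zip(name: bytes, payload: bytes) -> bytes:
    """Minimal one-entry ZIP with the encryption flag set (constructed sample).
    The payload is not really encrypted; only the flag matters for the check."""
    crc = zlib.crc32(payload) & 0xFFFFFFFF
    local = struct.pack("<IHHHHHIIIHH", ZIP_LOCAL_SIG, 20, FLAG_ENCRYPTED, 0, 0, 0x21,
                        crc, len(payload), len(payload), len(name), 0) + name + payload
    central = struct.pack("<IHHHHHHIIIHHHHHII", ZIP_CENTRAL_SIG, 20, 20, FLAG_ENCRYPTED,
                          0, 0, 0x21, crc, len(payload), len(payload), len(name),
                          0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack("<IHHHHIIH", ZIP_EOCD_SIG, 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd


def build_sample() -> bytes:
    """Constructed lure in the style the article describes; all content benign."""
    html = ("<html><body><input type='password' id='pw' placeholder='Password'>"
            "<button onclick='go()'>Open</button><script>"
            "var blob='" + "QUFB" * 80 + "';"  # stands in for the encoded phishing page
            "function go(){if(document.getElementById('pw').value==='Banca2024')"
            "{document.write(atob(blob));}}</script></body></html>")
    msg = EmailMessage()
    msg["From"] = "servizio@example.invalid"   # invented address
    msg["To"] = "cliente@example.invalid"      # invented address
    msg["Subject"] = "Documento riservato"
    msg.set_content("Il documento allegato e' protetto. Password: Banca2024\n")
    msg.add_attachment(html, subtype="html", filename="documento.html")
    msg.add_attachment(make_encrypted_zip(b"fattura.exe", b"not actually encrypted"),
                       maintype="application", subtype="zip", filename="fattura.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

The point of reading the flag bit rather than trying to unpack is exactly the gap the quoted text describes: a gateway that only scans what it can decrypt sees nothing, while a gateway that pairs "cannot be scanned" with "password handed out in the same message" has a usable signal. The same pairing applies to the HTML lure, where the password prompt and the embedded encoded page are visible in the attachment source before any decoding happens.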
"What is key here, is education," said Blaeser. "Be extremely cautious when dealing with emails from unknown senders, or any companies with which you have no regular dealings. If an email seems dodgy, ignore it or delete it. Never, ever, open attachments or click on any links."
Similarly with spam, don't respond to these emails, as all you are doing is verifying your address, he said. "Also, if you notice that a contact of yours is sending strange emails or odd IMs, contact him to see if these are genuine, or not.
"Finally, always make sure you have an up-to-date, comprehensive anti-malware solution installed, as well as a spam filter, firewall and suchlike."