Many people are leary of opening documents from unknown people but not from those they know. That’s why you may get nailed! Malware makers seek to leverage this trust.

Many PC users may already know that a USB thumbdrive inserted into their PC may implant malware. Some of these people may know how USB thumbdrives come to be infected. The answer is simple. Most sophisticated malware infestations included secondary modules. One of these systematically adds malware to any USB thumbdrive inserted into the infected machine. This spreads the malware along yet another vector.

So, what is to stop malware makers from including a secondary module that inserts malware infection code into a user’s existing Microsoft Excel files so that when others open these as email attachments their machine becomes infected too? Nothing.

In fact, today’s sophisticated malware has the ability to download new secondary modules as they become available.

Remember, there are millions of infected PCs throughout the world without their users knowing it. Someone you know may be one of them and not know it. Their malware infestation may have downloaded a module for last week’s reported Excel exploit, as well as the exploit for Adobe Acrobat reported two weeks ago. All of their files may be spiked with malware.

Oh, one more thing, as Botnets routinley alter the signature of their outbound malware every 10 minutes so that they elude signature-based PC protection, so too can the malware on the machines of those you know. So, if you open an Excel, pdf, or other file/document from someone you know, the probability of your signature-based anti-malware (AntiVirus, anti-spyware) intercepting it is less than 50%.

Files and documents from people you know have never been more dangerous. Fortunately, you can protect yourself as well as those computers in an enterprise.

Posted: Monday, March 2nd, 2009 - Endpoint Security
RSS 2.0 - Comment - Trackback