- Get link
- X
- Other Apps
They are in Word documents, Excel files, even PDFs! But not every wrong click immediately leads to virus infection: a hacker explains.
At a Glance:
· There are many avenues of attack: Sometimes hackers disguise the dangerous ".exe" applications as harmless documents. Effective attacks are also possible using macros in Word documents, Excel files, and PDFs.
· The following applies to newer software: You are a little more secure with it, because not every careless click immediately leads to infection. If you ignore the first warning, the virus threatens with the next click.
· Ethical hacker Bernd Dettmers explains how you can arm yourself against the dangers.
Not every hacker has evil on
his mind. Some even help companies. They hack companies on their
behalf and thus identify security gaps. Bernd Dettmers is such an ethical
hacker. His IT security company Net. e - Networks Experts GmbH is
committed to protecting companies. Dettmers knows the tricks of cybercriminals and knows how companies can protect themselves effectively.
"Ransomware
Trojans stuck in the attachments of alleged applications are currently very
popular again," says the Ethical Hacker. The latest example is the Gandcrab ransomware,
which is attached to alleged cover letters.
Well Camouflaged: Virus in Use
But how much does one really
have to go wrong to get infected with an email virus? Is a single double
click enough? "In the Gandcrab case, the virus is in a .exe file in
the attached zip archive," says Dettmers. For example, the malware
has the awkward name: "Application and curriculum vitae
03.09.2018.exe". Easy to recognize: The .exe file extension reveals that it is an application -
there is a high risk of unknown authors.
The steps to
infection: If you only unzip the zip file, nothing will happen to you. “If
the .exe file contained in the zip archive is executed, for example by
double-clicking, it is too late,” says Dettmers.
Often .exe files
are optically well camouflaged. Equipped, for example, with the symbol
image of Acrobat Reader, a virus looks like a harmless PDF. Also:
For many users, Windows hides the file extension by default. At first
glance, you won't see what type of file it is. Only the iconic image,
which can be easily falsified, indicates whether it is a Docx file, a PDF, or a
.exe file. Only by clicking on the properties of the file does the file
type really become visible.
Tip: You can display the file type
permanently in Windows. To do this, open the folder and search options,
click on View and look for the item in the list: Hide extensions for known file
types. Now remove the tick from this checkbox.
Better Camouflaged: Macros in Documents
"An effective trick used
by cybercriminals is to hide viruses and Trojans in macros within Word
documents, Excel files, or even in PDFs," says IT specialist Bernd
Dettmers. Macros are sub-programs that can be opened by the Office
program, for example. If they contain malware, the computer will be
infected when they run. "Anyone who uses newer software is usually
warned in good time that the document contains macros," explains Dettmers. When
using the latest Office programs or PDF readers, the first click does not lead
to infection. However, if you ignore the subsequent warning and agree to
activate the macros, you will also activate the malware.
Beware of Outdated Software
If software programs and
operating systems are not up to date, they increase the risk of a successful
attack. Take Microsoft Office as an example: "An old version of
Office could load a document with a dangerous macro immediately without any
additional warning and thus cause an infection as soon as a document is
opened," says Bernd Dettmers. An old PDF reader could be just as
dangerous. For example, when a malicious PDF file instructs him to reload
content from the Internet. The PDF does not contain a virus here, but a
control command that instructs the reader to download malware from the Internet. "A
current reader would ask the user beforehand whether he should execute the
command, an older reader might not," explains Dettmers. The security
expert therefore advises:
· You should also keep your operating system up-to-date at all times so that security gaps can be closed and your computer can be protected against newly discovered routes of infection.
· Also, use good antivirus software and keep it up to date. "Antivirus the software has its place," emphasizes Dettmers. Current ransomware such as Gandcrab is also included in the databases of many antivirus programs within a short time after their first appearance and then recognized by them.
Stay Vigilant
But even if your operating
system is up to date and your programs can save you from the last fatal click,
Bernd Dettmers advises against opening suspicious files. After all, there
is always a risk. Dettmers advises craftsmen to consider whether the sender
is really trustworthy before the first click. To do this, ask
yourself questions such as:
· Is the salutation plausible?
· Does the content actually relate to my company, my job posting, or does something not fit together?
You can also have suspicious
files checked. The protegent360.com website offers this
service, for example. Every user can upload a file and lets total security test whether they work. This makes it easy for the user
to find out whether there is cause for concern.
Don't
forget: "Make
sure you sensitize your employees to the topic", warns IT specialist Bernd
Dettmers. Share your findings on IT threats with your team. Only if
the entire company has the same level of knowledge and keeps an eye on digital
security can you effectively reduce the risk of falling victim to a cyber
attack.
Comments
Post a Comment