Emails that claim to be “Urgent” are highly likely to contain malware as attachments a new report reveals. FireEye released a report (view it here) that details a list of top words used in phishing emails (those are emails that pertain to be from various legitimate sources with the intent of infecting the machine or conning the user to give out important information).
The attackers mainly use zip files to hide their malware, ultimately aimed at gaining access to valuable corporate and intellectual data. It appears very few corporate establishments block these kinds of executables, which FireEye’s research confirms.
The report also shows a decrease in the use of ZIP files from last year (2011), a decrease in the use of standalone EXE executables, but an increase in PDF files. Adobe Reader, FoxIT Reader and other widely available PDF readers come with the ability to enable a Safe Reading Mode, which in theory, should prevent malicious code within PDF files from executing. In Adobe, Edit -> Preferences -> JavaScript -> uncheck Enable Acrobat JavaScript checkbox to do this today.
Now, .ZIP files represent the vast majority, 76.91%, of advanced malicious files. The complexity of
these attachments, which can contain many distinct files and file types, coupled with a lack of
user awareness of the danger of these file extensions, has made them a highly effective means for
distributing malware and effectively exploiting systems.
PDFs also pose a significant threat. These file types are ubiquitous and familiar to just about every
computer user. Further, many users are unaware of the fact that malware can be distributed through
PDF files, and malware embedded in these file types is proving to be difficult for conventional defenses
to detect. For all these reasons, PDFs provide cybercriminals with a very effective means of attack.
http://www.fireeye.com/resources/pdfs/fireeye-top-spear-phishing-words.pdf
