Most attacks tend to be “plain vanilla” – a phishing link, a fake website, a malicious executable and so on. But sometimes attackers can be particularly creative in the design of their technique. Recently our platform exposed such an approach.
We detected a malicious .xls file that at first glance looks quite innocent. The Excel file contains completely random characters spread across the worksheet. When the user tries to close the file, he encounters an error that causes the application to crash repeatedly. A deeper investigation shows that the file contains a malicious macro that, when the file is closed, takes all of the random letters and assembles them into a malicious executable that infects the host.
Basically, if a user opens this file, he could easily believe it to be junk and immediately close it, and voilà, the attacker is in. Thanks to our Recursive Unpacker’s deep scanning capability combined with our Dropper engine, which handles macros and scripts, our Advanced Email Protection caught this attack before it hit the user’s inbox.
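A triage heuristic for the behaviour described above, as an added example that is not part of the original post or the vendor's engine: it flags VBA source in which code reachable from a close-time handler reads sheet cells, writes a file and executes something. The handler names, the indicator patterns and the sample macro are assumptions (the post does not show the macro), and the input is VBA source already extracted from the workbook.

```python
import re

# Assumption: standard Excel VBA close-time entry points; the post names none.
CLOSE_HANDLERS = {"auto_close", "workbook_beforeclose"}
# The three behaviours the write-up describes: read cells, write a file, run it.
INDICATORS = {
    "reads_cells": re.compile(r"\b(Cells|Range)\s*\(|\bUsedRange\b", re.I),
    "writes_file": re.compile(r"\bOpen\b.+\bFor\s+(Binary|Output)\b|\bSaveToFile\b", re.I),
    "executes": re.compile(r"\bShell\b|\bShellExecute\b|\bCreateProcess\w*", re.I),
}
PROC = re.compile(r"^\s*(?:Public\s+|Private\s+)?(?:Sub|Function)\s+(\w+).*?"
                  r"^\s*End\s+(?:Sub|Function)", re.I | re.M | re.S)

def split_procedures(vba_source):
    """Map lower-cased procedure name -> body, with ' comments stripped (naive)."""
    src = re.sub(r"'[^\n]*", "", vba_source)
    return {m.group(1).lower(): m.group(0) for m in PROC.finditer(src)}

def reachable(procs, start):
    """Procedures reachable from `start` by name reference (crude call graph)."""
    seen, todo = set(), {start}
    while todo:
        name = todo.pop()
        seen.add(name)
        todo |= {n for n in procs if n not in seen
                 and re.search(rf"\b{re.escape(n)}\b", procs[name], re.I)}
    return seen

def triage(vba_source):
    """Per close handler, list the indicator classes found in its reachable code."""
    procs = split_procedures(vba_source)
    findings = []
    for handler in sorted(CLOSE_HANDLERS & procs.keys()):
        code = "\n".join(procs[p] for p in reachable(procs, handler))
        hits = sorted(k for k, rx in INDICATORS.items() if rx.search(code))
        findings.append({"handler": handler, "indicators": hits,
                         "suspicious": len(hits) == len(INDICATORS)})
    return findings

# Constructed, non-functional macro skeleton used only to exercise the heuristic.
SAMPLE = """
Private Sub Workbook_BeforeClose(Cancel As Boolean)
    Assemble
End Sub
Sub Assemble()
    For Each c In ActiveSheet.UsedRange: buf = buf & c.Value: Next
    Open outPath For Binary As #1
    Shell outPath
End Sub
"""
```

A hit from `triage` is a reason to detonate or inspect the file, not a verdict: obfuscated macros can hide these keywords, and legitimate workbooks sometimes export data on close.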