Most attacks tend to be “plain vanilla” – a phishing link, a fake website, a malicious executable, and so on. But sometimes attackers can be particularly creative in the design of their technique. Recently our platform exposed such an approach. We detected a malicious .xls file that at first glance looks quite innocent. The Excel file contains completely random characters spread across the worksheet. When the user tries to close the file he encounters an error causing the application to crash repeatedly. A deeper investigation shows there to be a malicious Macro code inside the Excel file that, when closing the file, takes all of the random letters and creates an executable malicious code that infects the host with malicious code.

Basically, if a user opens this file – he could easily believe it to be junk and immediately close it, and voila! the attacker is in. Thanks to our Recursive Unpacker’s deep scanning capability combined with our Dropper engine, which handles macros and scripts, our Advanced Email Protection caught this attack before it hit the user’s inbox.