Top selection of the most dangerous types of attached files

Spammers send out many millions of emails every day. The lion's share is banal advertising: annoying, but mostly harmless. But sometimes malicious files are attached. To interest the recipient and get them to open a dangerous file, it is usually disguised as something interesting, useful or important. Below are the files in which cybercriminals most often hide viruses, and how to behave so as not to get infected.


1. ZIP- and RAR-archives

Oh yeah, that's their favorite format, because you can't see what's inside until you download and open it. For example, ZIP files with the intriguing title "Love You0891" (the number may have been different) were used by attackers to distribute the GandCrab encryptor. It is ransomware: it got onto computers, encrypted the data and demanded money for the decryption passwords, threatening to delete everything otherwise. Other scammers, who came to the experts' attention a couple of weeks later, were sending out archives with the Qbot Trojan, which specializes in data theft.

WinRAR: it turned out that when creating an archive, you can set rules so that on unpacking the content lands in a system folder. In particular, the content can be unpacked into the Windows autorun folder, and this "gift" will start automatically on the next reboot. That is, even if you downloaded it and forgot about it, it will run without your knowledge. So you need to update WinRAR if you use it.

2. Microsoft Office

Also popular among cybercriminals are Microsoft Office files, especially Word documents (.doc, .docx), Excel spreadsheets (.xls, .xlsx, .xlsm), and presentations and templates. These files may contain embedded macros – small programs that run right inside the file.

Hackers have used them, for example, as scripts to download malware. Such files are perfectly disguised as working documents, and 99% of people use them. A malicious file can be presented as a report, an urgent message from a superior, an order, etc. For example, the same GandCrab encryptor was planted on Italian users under the guise of a payment notification. GandCrab is a very tricky trojan: in 2019 it held 40% of the ransomware market.

3. ISO and IMG disk images

ISO and IMG files are not used very often compared to the previous types of attachments, but recently attackers have been paying more and more attention to them. Such files, called disk images, are actually virtual copies of CDs, DVDs or other disks. In these attacks, the disk image contained a malicious executable file that was launched when the disk was opened and installed spyware on the device. With the help of such attachments, the attackers delivered to the victims, for example, the Agent Tesla trojan, which specializes in identity theft.

4. PDF

While many people already know about the danger of macros in Microsoft Office documents, they often do not expect a trick from PDF files. Attackers like to hide phishing links in PDF documents. They can also hide malicious code: the format allows JavaScript scripts to be created and executed.
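
An added example, not part of the original article: a Python triage helper that inspects an attachment without extracting it and flags the archive, macro and PDF tricks from sections 1, 2 and 4. The function names, extension list, autorun path fragment and samples are constructed assumptions; it covers ZIP-based files and PDFs only, not RAR or legacy .doc/.xls.

```python
import io
import re
import zipfile
# Extension list and autorun path fragment are illustrative assumptions, not from the article.
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".lnk", ".iso", ".img")
STARTUP = "start menu/programs/startup"
PDF_TOKENS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")

def triage_attachment(data: bytes) -> list[str]:
    """List reasons to distrust an attachment, reading it without extracting."""
    findings = []
    if data.startswith(b"%PDF"):
        # Plain-token scan only; names inside compressed object streams are missed.
        for tok in PDF_TOKENS:
            if re.search(re.escape(tok) + rb"\b", data):
                findings.append("pdf-active-content:" + tok.decode())
        return findings
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/").lower()
            if ".." in name.split("/") or name.startswith("/") or re.match(r"[a-z]:", name):
                findings.append("path-escape:" + info.filename)
            if STARTUP in name:
                findings.append("autorun-target:" + info.filename)
            if name.endswith("vbaproject.bin"):  # macro storage in .docm/.xlsm/.pptm
                findings.append("office-macro:" + info.filename)
            elif name.endswith(RISKY_EXT):
                findings.append("risky-member:" + info.filename)
    return findings

def make_zip(names):  # builds a constructed in-memory ZIP with dummy member bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"dummy")
    return buf.getvalue()

# Constructed samples (no real malware): traversal archive, macro workbook, PDF, clean ZIP.
SAMPLES = {
    "traversal.zip": make_zip(["../../Start Menu/Programs/Startup/run.exe"]),
    "report.xlsm": make_zip(["[Content_Types].xml", "xl/vbaProject.bin"]),
    "invoice.pdf": b"%PDF-1.7\n1 0 obj<</OpenAction 2 0 R>>endobj\n2 0 obj<</S/JavaScript/JS(1)>>endobj",
    "notes.zip": make_zip(["notes.txt"]),
}

if __name__ == "__main__":
    print({k: triage_attachment(v) for k, v in SAMPLES.items()})
```

An empty list means none of these specific checks fired, not that the file is safe.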
