Password-protected malicious attachments delivered via email are not a new occurrence – we have recently witnesses the tactic being used in the so-called Nitro attacks.
But while thusly delivered files have often been archive ones, Symantec researchers have recently spotted malware masquerading as password-protected document files – Word documents, spreadsheets, Powerpoint presentations and PDFs – being delivered as well.
“Passwords for document files are commonly used to prevent unauthorized access to the files by encrypting them with passwords. However, attackers are misusing the password feature to encrypt files, most likely to make it difficult for security products to detect them as malware,” say the researchers. “It also makes reverse-engineering the files difficult because they need to be decrypted before analysis can be performed.”
As the contents of the files in question are encrypted, some AV solutions might not recognize them for what they are immediately but only after they are opened with the password. Still, users are advise to be careful when they are faced with such attachments and to check the legitimacy of the emails carrying them before considering opening them.