Malicious Emails

Email is still the main gateway for malicious software! Here we quote from an email from the postmaster of the CAU Computing Center (Rechenzentrum). Please note the instructions on how to identify a malicious email!

Current situation

Please remind yourself that malicious emails remain the main entry point for malware. Please do not let up in your diligence when dealing with mail attachments.

In recent years, the Qakbot malware has followed in Emotet's footsteps; the mode of operation remains the same:

  • You receive a mail with quoted text from a previous message. The mail usually looks like a - slightly strange - reply to the previous message. Often mentioned are contract information or important documents.
  • The attachment is typically
    • an HTML file (rarely nowadays), or
    • a PDF file
  • Both files are usually harmless by themselves.
  • In both variants, opening the attachment requests you to download an encrypted attachment, which contains the malware. The malware archive may also be embedded in the attachment file.

 

Please do the following

  • Always verify the sender address before opening an attachment. The name(!) of the sender has no significance whatsoever and is easily forged.
  • Note that falsified senders with CAU addresses get marked with [NOTCAU] in the subject. Take additional care when receiving a message with the [NOTCAU] tag as it failed sender validation and is most likely forged.
  • Encrypted files from unknown sources, in particular when the password is mentioned in the same message, should always be considered highly suspicious. The only purpose for this is circumvention of virus detection.

Additional information may also be found on the Computing Center web pages: https://www.rz.uni-kiel.de/en/hints-howtos/mail-and-webmail/e-mail-security
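
The warning signs listed above can also be checked mechanically when triaging a reported message. The following Python sketch is an added example, not part of the postmaster's email or of the Computing Center's tooling; the function names, finding labels, password keyword list and the sample message are all assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed keyword list and finding labels; adjust to your own mail environment.
PASSWORD_HINT = re.compile(r"\b(password|passwort|kennwort)\b", re.IGNORECASE)
LURE_TYPES = {"text/html", "application/pdf"}  # attachment types the advisory names

def triage(msg: EmailMessage) -> list[str]:
    """Return the advisory's warning signs that are present in one message."""
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    # The display name is free text: flag it when it shows an address
    # that differs from the actual address in the From header.
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if shown and shown.group(0).lower() != addr.lower():
        findings.append("display-name-address-mismatch")
    if "[NOTCAU]" in str(msg.get("Subject", "")):
        findings.append("notcau-tag")  # failed sender validation
    attachments = list(msg.iter_attachments())
    if any(a.get_content_type() in LURE_TYPES for a in attachments):
        findings.append("html-or-pdf-attachment")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    if any(line.startswith(">") for line in text.splitlines()):
        findings.append("quoted-reply-text")
    if attachments and PASSWORD_HINT.search(text):
        findings.append("password-in-same-message")
    return findings

def sample() -> EmailMessage:
    """Constructed message modelled on the pattern described above."""
    m = EmailMessage()
    m["From"] = '"anna.muster@uni-kiel.de" <billing@mailer.example>'
    m["Subject"] = "[NOTCAU] Re: contract documents"
    m.set_content("See the attached file. Password: 4711\n\n"
                  "> Thanks, I will send the contract tomorrow.\n")
    m.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                     subtype="pdf", filename="contract.pdf")
    return m

if __name__ == "__main__":
    for finding in triage(sample()):
        print(finding)
```

A single finding such as a PDF attachment or quoted text is normal in everyday mail; it is the combination of findings that matches the pattern described in the advisory.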