
Blog.Telekom

Alice Roth

Unwanted advertising in the form of spam mails: who doesn't know it? Your inbox is overflowing because you often can't keep up with deleting it. At least that's how I often feel. Many of these mails are merely annoying and superfluous. And then there are those you should never have clicked on ...

Security Analyst Theresa Ludwig explains at GDW Afterwork how the malware gets on the computer

Maybe some of you have already heard of Emotet. Recently the BSI (Federal Office for Information Security in Germany) described Emotet as "the world's most dangerous malware", because it is a nasty combination of malicious mini-programs and its makers are becoming more and more professional. Reports of production stoppages, service failures and numerous infected networks are increasing in this context. To make matters worse, people like you and me are increasingly affected, along with businesses, organizations, and government agencies. But how does this crap actually get onto the computer?

At Telekom Security, my colleague Theresa Ludwig deals with precisely such questions. She is a security analyst in the CERT (Cyber Emergency Response Team) and knows all about malicious spam mails. At the last afterwork of the women's network Global Digital Women, she made more than 50 women (and some men) smarter. So what happens when I open a mail with a nasty attachment? First of all, it's no coincidence that the malicious code is often found in documents attached to e-mails, simply because most users deal with Office documents on a daily basis and aren't alarmed to receive one by mail. So I open the document, and suddenly a message may appear on the screen prompting me to activate so-called macros. But from a technical point of view this is not necessary at all, Theresa emphasizes. It only allows program code to be executed in the background without me noticing anything ... And, gee, the malware is already active.

Activating the content causes several IPs to be contacted one after the other in order to load the actual malware. The attackers were clever: as soon as the first IP is blocked, the next source is used.

What the user doesn't notice is that while he is reading the document text or looking at the table of numbers, his computer is gradually surfing to different targets. Each of these targets loads tiny modules of malware onto the device I'm using to view the document. This happens within a few seconds. It's scary how fast this can go, isn't it? 
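The behaviour just described, a single client fetching from several different addresses within seconds and moving on when one of them is blocked, leaves a visible trace in a web proxy log. The following script is an added example, not part of the original post or of any Telekom tool: it runs a sliding-window burst detector over a few constructed proxy log lines (timestamp, client, destination IP, method, HTTP status; the addresses are from documentation ranges and are not real indicators) and flags a client that reaches three or more distinct destinations within ten seconds, counting how many of those requests were blocked on the way.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log lines for this example: "<timestamp> <client> <dst_ip> <method> <status>".
# The addresses come from the RFC 5737 documentation ranges and are not real indicators.
SAMPLE_LOG = """\
2019-11-13T09:12:01 10.0.0.7 203.0.113.10 GET 200
2019-11-13T09:12:02 10.0.0.7 198.51.100.23 GET 403
2019-11-13T09:12:03 10.0.0.7 192.0.2.77 GET 200
2019-11-13T09:12:04 10.0.0.7 203.0.113.44 GET 200
2019-11-13T09:15:30 10.0.0.9 203.0.113.10 GET 200
2019-11-13T09:20:00 10.0.0.9 198.51.100.23 GET 200
"""


def parse_log(text):
    """Turn the constructed log format into (timestamp, client, destination, status) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dst, _method, status = line.split()
        events.append((datetime.fromisoformat(ts), client, dst, int(status)))
    return events


def find_download_bursts(events, window=timedelta(seconds=10), min_distinct=3):
    """Flag clients that contact >= min_distinct distinct destinations inside one time window.

    Returns one alert per offending client as
    (client, first timestamp of the window, sorted destinations, number of blocked requests).
    """
    by_client = defaultdict(list)
    for ts, client, dst, status in events:
        by_client[client].append((ts, dst, status))

    alerts = []
    for client, evs in by_client.items():
        evs.sort()  # sliding window needs chronological order
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            dests = {dst for _, dst, _ in span}
            if len(dests) >= min_distinct:
                # A 4xx in the burst is the "first source blocked, try the next" pattern.
                blocked = sum(1 for _, _, st in span if st >= 400)
                alerts.append((client, span[0][0], sorted(dests), blocked))
                break  # one alert per client is enough for triage
    return alerts


if __name__ == "__main__":
    for client, first_seen, dests, blocked in find_download_bursts(parse_log(SAMPLE_LOG)):
        print(f"{first_seen.isoformat()} {client}: {len(dests)} destinations in 10s "
              f"({blocked} blocked): {', '.join(dests)}")
```

The thresholds (ten seconds, three destinations) are assumptions chosen for the sample; in production they would be tuned against normal browsing, and the alert is more useful when correlated with the process that opened the document, which a proxy log alone cannot show.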

We are often warned about such dangers. I wonder how it can be that a lot of people still fall for this scam. After all, Emotet has kept the cyber security industry busy in several waves for years. Furthermore, I thought that the mails themselves were full of mistakes and poorly translated language and should be easy to spot.

But we were all surprised when we were shown current copies of such mails. At first glance, they can no longer be unmasked immediately. Broken English and cryptic sending addresses are a thing of the past in many cases. On the contrary, they now look really attractive! And that makes it so difficult to decide which message is real and which should be deleted immediately. Theresa showed us a current Emotet e-mail during her presentation. Tricky. One could think it was a reply to a mail one had written oneself. Theresa warns that Emotet even generates a kind of mail history. This is a new criminal trick to make the reader believe "this message is definitely real", because the personal address and the names used also seem to be correct. These are the lessons I took away from Theresa's talk:

  • Thoroughly check the e-mail history: can this content really be correct, or does the text seem rather generic?
  • Check the sender alias: just because the name or signature of my colleague seems correct, the e-mail address does not have to be.
  • Last, but not least: beware of pop-up "product notices" from documents; at the latest here it is worth calling the sender to check whether this mail really went out in this form.
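The three checks above can also be made mechanically before a mail reaches the reader. The script below is an added example written for this post, not code from the original page or from Telekom Security. It builds a constructed sample mail that looks like a reply from a known colleague but comes from a foreign address and carries a macro-enabled Word document, then triages it with three heuristics: a reply-looking subject with no threading headers (the "fake history" trick), a display name that matches a known contact while the address does not, and an attached OOXML document that contains a `vbaProject.bin` member, which is where Office stores VBA macros. The address book, addresses and file names are all hypothetical.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed address book for this example: names the recipient knows, mapped to the
# address mail from them normally comes from. (Hypothetical data.)
KNOWN_CONTACTS = {
    "theresa ludwig": "theresa.ludwig@example.com",
}

# OOXML (docx/docm/xlsm) keeps VBA macros in a zip member with this name.
MACRO_MEMBER = "vbaproject.bin"


def build_macro_docx() -> bytes:
    """Build a minimal OOXML container that carries a VBA project (constructed, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00placeholder-vba-project\x00")
    return buf.getvalue()


def build_sample_message() -> bytes:
    """Constructed sample: reads like a reply from a known colleague, but the sending
    address is foreign and the attachment is macro-enabled."""
    msg = EmailMessage()
    msg["From"] = "Theresa Ludwig <t.ludwig@mail-relay.invalid>"
    msg["To"] = "alice@example.com"
    msg["Subject"] = "RE: invoice"
    msg.set_content("Hi Alice,\n\nplease see attached.\n\n> On Monday you wrote:\n> ...")
    msg.add_attachment(build_macro_docx(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="invoice.docm")
    return msg.as_bytes()


def sender_alias_mismatch(msg, contacts=KNOWN_CONTACTS):
    """True if the display name belongs to a known contact but the address is not theirs.
    None when the name is unknown, because then there is nothing to compare against."""
    name, addr = parseaddr(msg.get("From", ""))
    expected = contacts.get(name.strip().lower())
    if expected is None:
        return None
    return addr.lower() != expected.lower()


def attachment_has_macros(data: bytes):
    """True if an OOXML document contains a VBA project; None if the data is not OOXML
    (e.g. a legacy binary .doc), which needs a different inspection."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(name.lower().endswith(MACRO_MEMBER) for name in zf.namelist())


def triage(raw: bytes, contacts=KNOWN_CONTACTS):
    """Apply the three checks from the post to one raw message; returns a list of findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    subject = (msg.get("Subject") or "").lower()
    threaded = msg.get("In-Reply-To") or msg.get("References")
    if subject.startswith(("re:", "aw:", "fw:", "wg:")) and not threaded:
        findings.append("reply-looking subject without threading headers")

    if sender_alias_mismatch(msg, contacts):
        findings.append("display name matches a known contact but address does not")

    for part in msg.iter_attachments():
        fname = part.get_filename() or "<unnamed>"
        has_macros = attachment_has_macros(part.get_content())
        if has_macros:
            findings.append(f"attachment {fname} contains a VBA macro project")
        elif has_macros is None:
            findings.append(f"attachment {fname} is not OOXML; inspect separately")
    return findings


if __name__ == "__main__":
    for finding in triage(build_sample_message()):
        print("-", finding)
```

None of the three heuristics is proof on its own: legitimate mails sometimes lose their threading headers, colleagues do write from private addresses, and macros have honest uses. The value lies in combining them, which is exactly the point of the checklist: a mail that trips all three deserves the phone call.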

It's like so many things in life: better safe than sorry, especially with cyber security issues. I will remember this afterwork for a long time to come. Thanks for the exciting deep dive into the world of spam mails, Theresa!
