Of course most email attachments that appear reasonable (i.e. not promising a pic of the Kardashian family in the nude :) are legitimate. But it only takes one bad attachment to break through your defenses. In my line of business many people requesting xplorer² support send PDF attachments for no apparent reason, but most of them turn out to be safe. In the beginning I was testing them in a sandbox and I never found anything amiss. So I turned slack. And last week, I tried to open a DOC attachment that seemed to come from an xplorer² user with a problem and got bitten. I am lucky that the standard Windows 10 defenses blocked the virus before it could do any harm. Obviously I am back to "trust no-one" mode.
Checking each email attachment before opening it is a big time-waster, so there must be a way to test the documents quickly. One possibility is to use a throwaway virtual machine (e.g. in VirtualBox) with MS Office and a PDF reader installed. Import the attachment into this sandboxed environment and try to open it. If it turns out to be a nasty, just reset the VM and delete the rotten attachment.
The forthcoming Windows Sandbox is also a possibility, but it is a default Windows installation without Office viewers etc. installed.
An easier solution to foil phishing attempts is to use the xplorer² Extract text function (we find a use for this every week!). Instead of opening the attachment in its default program, it uses the Windows Search filter to extract the text out of the document, which shows you what's inside without running any scripts or exercising viewer vulnerabilities that could harm your PC. If you don't need to see the full document, you can use the previewer pane in Draft mode (tab), which again shows only plain text without formatting. If instead of plain text you see a thumbnail, make sure you lock the viewer in Text only mode using the right-click menu.
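As an added example (not xplorer²'s own code), here is a small Python stand-in for the plain-text extraction step: it reads a .docx as the zip of XML it really is, pulls only the paragraph text, and flags macro parts and external links that a viewer would run or follow on open. The sample document it builds is constructed for the demonstration, not a real attachment.

```python
# Plain-text triage of a .docx without opening it in Word (added example, not xplorer2 code).
# Stand-in for the Windows Search filter approach: read the OOXML zip directly, pull the
# paragraph text, and flag parts (macros, external links) that a viewer would run or follow.

import io
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

W_NS = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
R_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"

def triage_docx(data: bytes) -> dict:
    """Return {'text': str, 'warnings': [str]} for the raw .docx bytes."""
    warnings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # A vbaProject.bin part means the file carries VBA macros.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            warnings.append("contains VBA macro project (vbaProject.bin)")
        # Relationships with TargetMode="External" point outside the file; a viewer may fetch them.
        for n in names:
            if n.endswith(".rels"):
                for rel in ET.fromstring(zf.read(n)).iter(R_NS + "Relationship"):
                    if rel.get("TargetMode") == "External":
                        warnings.append(f"external target in {n}: {rel.get('Target')}")
        # Only the w:t text runs, one line per w:p paragraph; nothing is rendered or executed.
        paragraphs = []
        if "word/document.xml" in names:
            root = ET.fromstring(zf.read("word/document.xml"))
            for p in root.iter(W_NS + "p"):
                paragraphs.append("".join(t.text or "" for t in p.iter(W_NS + "t")))
    return {"text": "\n".join(paragraphs), "warnings": warnings}

def make_sample_docx(body: str, with_macro: bool = False, external=None) -> bytes:
    """Constructed sample (not a real attachment): a minimal OOXML package."""
    doc = (f'<w:document xmlns:w="{W_NS[1:-1]}"><w:body>'
           + "".join(f"<w:p><w:r><w:t>{escape(line)}</w:t></w:r></w:p>" for line in body.split("\n"))
           + "</w:body></w:document>")
    rels = f'<Relationships xmlns="{R_NS[1:-1]}">'
    if external:
        rels += f'<Relationship Id="rId9" Type="x" Target="{escape(external)}" TargetMode="External"/>'
    rels += "</Relationships>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", doc)
        zf.writestr("word/_rels/document.xml.rels", rels)
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")  # placeholder bytes, not a real macro
    return buf.getvalue()
```

Run `triage_docx(open("attachment.docx", "rb").read())` on a real file to get the text and the warning list; a legacy binary .doc or a PDF needs a different parser, which is exactly the gap the Windows Search filter fills.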
Sadly, like airport security checks, anti-phishing protection requires some boring routine checks on each suspect email attachment. I hope the plain text extraction procedure just described will make things a little more bearable.