Search the Community
Showing results for tags 'email'.
Found 4 results
Watch out for fake USPS delivery emails! We at SUPERAntiSpyware have been alerted to scam emails hitting users claiming to be from the US Postal Service (USPS) that contains a link that will infect them with malware. One of the emails being used by this scam is notice@ussp(DOT)com The subject line of the email will typically be titled “Delivery notification – Parcel delivery *NUMBER* failed” containing a message that the user please call the number on the shipping notice we left at your doorstep (which there will be none!) to arrange a new delivery, and a link which you can view the delivery notice online, on the USPS website. This is a fake link to a malware infested website. If you see a link in a suspicious email such as this do not click the links or open the attachments no matter how innocent they sound. If it claims to be from an official organization, call them and ask if the email is legit. Better safe than sorry!
Some of the earliest computer viruses and malware were created using macros in Microsoft Office documents. These pieces of malicious code would run once the document was opened, and the infection would happen without the user even being aware that their machine had been compromised. While these types of attacks had fallen out of favor over the years, they've come back in style and are more popular than ever before. What exactly is a macro? While you've probably heard the term thrown around before, most people don't actually know what they are, or what they're capable of. In short, macros are little snippets of code that run through your office software. Many people use macros to speed up a repetitive processes, like formatting items. Unfortunately, the same type of code that is used to perform the mundane can also be used to perform the malicious. Due to the ease of abuse, Microsoft removed the automatic enabling of macros many years ago. This is ultimately what lead to the majority of these types of attacks going by the wayside. Because there was no longer a way to abuse this on most machines, would-be attackers changed their methods to more traditional programs, which are far easier to detect with a normal malware scanner. With the recent surge in ransomware, new methods of delivery were needed by would-be attackers. The anti-malware engines had been able to detect many variants, and it was only getting easier. This meant that stealth was needed. What better way to do that than to bring back a tried-and-true method in Office Macros. Few people expected it due to the fact that these infection types hadn't really been seen in years. The basic attack is carried out like this: 1) An infected person sends you an email with the subject similar to "ATTN: Invoice Attached" that has a Word document attached. 2) The person downloads and opens the file, only to see a garbled mess of characters with a notice that says "Enable macro if the data encoding is incorrect" in big bold red letters at the top of the window 3) The unknowing victim enables macros, thereby initiating the malicious code 4) The code runs, sending out an email to your Outlook contacts (attempting to infect them), downloads whatever payload(s) it wants, then runs the ransomware (locking your files) Because of the sharp increase in these types of attacks, Microsoft, SUPERAntiSpyware, and many other security vendors recommend that all users disable macros if they do not need to use them. While Macros should be disabled by default, it is worth double-checking your preferences in order to ensure that you are protected as best as possible. For more information on how to disable macros in Office files, please visit this Microsoft Support article. NOTE: This is a recommendation specifically for home users, if you are in a work environment please contact your IT department first before making any changes!
Whenever I run SuperAntiSpyware (and accept the defaults), my ability to click a hyperlink in Thunderbird is lost. In order to click and link and go to the associated web page, I have to go into the Thunderbird configuration settings and restore the default values. Is there an option that I'm overlooking in the SAS scan that would prevent changing Thunderbird? Thanks in advance for any guidance.