Online security experts have discovered that attackers have gotten smarter and are now using file types that don’t arouse suspicion. Through this technique, they have been able to distribute various types of malware such as Locky (a kind of ransomware) and Kovter (a click-fraud Trojan).
As reported by the Microsoft Malware Protection Center, attackers take .LNK files, infect them with harmful scripts, put them inside .ZIP files, and distribute them through email. When recipients open the shortcut file, it executes a PowerShell script that attempts to download Locky and Kovter from five or even more domains. The script is written in such a way that it could get around URL filtering programs employed by a user’s computer or email client, and the use of multiple domains increases its chances of successfully installing malware.
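The delivery chain described above (a shortcut file inside a .ZIP attachment that launches PowerShell) can be checked for before a recipient ever opens the archive. The following is an added example, not code from Microsoft or from the original article: it identifies shortcuts by their file header rather than their extension and reports any script interpreter named inside them. The interpreter list, function names and sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
# Interpreters worth flagging when named inside a shortcut (assumed list).
INTERPRETERS = ("powershell", "cmd.exe", "wscript", "cscript", "mshta")

def is_lnk(data: bytes) -> bool:
    """Identify a shortcut by header, not extension, so renamed files count."""
    return data[:20] == LNK_MAGIC

def interpreters_in(data: bytes) -> list:
    """Return interpreter names stored as ANSI or UTF-16LE strings in the file."""
    lowered = data.lower()  # lowercases ASCII bytes only, which suits both encodings
    return [name for name in INTERPRETERS
            if name.encode("ascii") in lowered or name.encode("utf-16-le") in lowered]

def scan_zip(blob: bytes, max_member: int = 1 << 20) -> list:
    """Return (member name, interpreters) for each shortcut in a ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.flag_bits & 0x1:
                continue  # directories and encrypted members cannot be inspected
            with zf.open(info) as fh:
                data = fh.read(max_member)  # bounded read: real shortcuts are small
            if is_lnk(data) or info.filename.lower().endswith(".lnk"):
                findings.append((info.filename, interpreters_in(data)))
    return findings

def build_sample_zip() -> bytes:
    """Constructed sample: header-only fake shortcuts plus a harmless text file."""
    fake_lnk = LNK_MAGIC.ljust(0x4C, b"\x00") + "PowerShell.exe -NoProfile".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.lnk", fake_lnk)
        zf.writestr("scan_0042.dat", fake_lnk)  # shortcut with a misleading extension
        zf.writestr("readme.txt", b"nothing to see")
    return buf.getvalue()

if __name__ == "__main__":
    for name, hits in scan_zip(build_sample_zip()):
        print(f"shortcut in archive: {name} references {hits or 'no known interpreter'}")
```

Legitimate email rarely carries shortcut files, so a mail gateway can reasonably quarantine on any finding and use the interpreter list only to prioritise review.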
Protecting Your Computer
So, what should you do to protect yourself from these files? Well, you can start by reviewing your PowerShell execution policy and choosing the “Restricted” option, which prevents PowerShell from running script files. However, it’s important to note that this isn’t a foolproof plan, since attackers have figured out how to sidestep these restrictions and “force” PowerShell to run malicious programs.
If you’re using a Windows 10 PC, you’ll want to enable Windows Defender. This inspects files at runtime and can detect malicious scripts even before they’re put into action, preventing the download and installation of ransomware and other harmful programs.