corrupted files Archives

Winsage

December 28, 2024

6 reasons you shouldn’t join the Windows Insider program

The Windows Insider program allows users to test unreleased features of Windows 11 and provide feedback. Participants may encounter several issues, including: - Unstable user interface with bugs, glitches, unexpected freezes, and scaling issues. - Random reboots that risk losing unsaved work. - Throttled performance during resource-intensive tasks, such as gaming and video editing. - Increased potential for data loss due to system failures and blue screens of death (BSOD). - Microsoft collects diagnostic data from users, raising privacy concerns. - Frequent updates that can introduce new issues and require significant time for installation. Overall, the experience may lead users to prefer stable releases over Insider builds.

Tech Optimizer

December 16, 2024

Novel phishing campaign uses corrupted Word documents to evade security

A recent phishing campaign exploits Microsoft’s Word file recovery feature by sending corrupted Word documents as email attachments, which can bypass conventional security measures. Identified by the malware hunting firm Any.Run, these documents appear to be legitimate communications from payroll and human resources, featuring themes related to employee benefits and bonuses. The filenames of the attachments include variations such as "AnnualBenefits&Bonusfor[name]IyNURVhUTlVNUkFORE9NNDUjIw.docx" and "Due&Paymentfor[name]IyNURVhUTlVNUkFORE9NNDUjIw_.docx.bin." Each document contains a base64 encoded string that decodes to "##TEXTNUMRANDOM45##." When opened, Microsoft Word prompts the user about unreadable content and offers recovery options. Upon recovery, users are instructed to scan a QR code, which leads to a phishing site mimicking a Microsoft login page to harvest credentials. These documents often feature company logos to enhance credibility and have been successful due to their ability to evade detection by security solutions, with many returning "clean" results on VirusTotal. Users are advised to exercise caution with unknown emails and verify attachments' legitimacy.

Tech Optimizer

December 5, 2024

Hackers bypass antivirus using corrupted files

Researchers at ANY.RUN have identified a zero-day attack campaign operational since at least August 2024, which employs corrupted files to bypass security measures. Attackers use corrupted files, often disguised as ZIP archives or DOCX documents, to exploit vulnerabilities in file-handling processes, allowing them to evade antivirus software, sandbox environments, and email spam filters. These files execute malicious code when opened, despite their damaged appearance. Conventional antivirus solutions struggle to scan these files effectively, static analysis tools fail to process them, and advanced email filters cannot intercept them. ANY.RUN’s interactive sandbox can dynamically analyze these corrupted files in real-time, identifying malicious activity that traditional security tools miss. The attack process involves delivering a corrupted file via email, leading to detection failure by security tools, execution through built-in recovery mechanisms in applications, and identification of malicious behavior by the sandbox. This highlights the need for advanced threat detection techniques to maintain robust cybersecurity.

Tech Optimizer

December 4, 2024

How hackers are using corrupted Microsoft Office files to fool everyone

Corrupted Microsoft Office documents and ZIP files are being used in a phishing campaign that evades antivirus detection, as reported by cybersecurity firm ANY.RUN. This tactic, active since at least August 2024, involves corrupting files to bypass email security protocols while allowing harmful content recovery. The documents are designed to avoid detection by email filters and antivirus software, using QR codes to direct users to fake Microsoft account login pages. Analysis shows these attachments often do not trigger alerts on VirusTotal, as they exploit Microsoft Word and WinRAR's recovery features. This method is categorized as a potential zero-day exploit, aiming to deceive users into opening the files and activating the QR codes for credential harvesting or malware delivery. Security experts stress the importance of user awareness and training to identify phishing attempts, while organizations are enhancing email filtering to detect file corruption patterns. The rise of QR code phishing, or "quishing," adds complexity, as many users are unaware of the risks of scanning codes.