Friday 4 March 2016

RTF can be malware

I just discovered that RTF (rich text format) attachments can contain malware. I was emailed an RTF file, I checked it with Virustotal, and two of the 54 products flagged it as malware. That's pretty poor, I agree, but it's what I've come to expect.

We all knew that Doc and Xls files (and similar) can include malicious macros, and that Zip and rar (and similar) files can too. HTML can include javascript that does something you didn't want, and because I'm being sent javascript files, clearly these can include malware. PDF files can exploit a bug in Acrobat to install malware.

I thought RTF files were safe. They aren't. They can include macros, just like Word files.
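As an added example (not part of the original post), here is a small defender-side triage script that checks whether an attachment really is RTF and whether it carries embedded objects, the usual way active content rides inside RTF; the control words it looks for are from the RTF specification, and the two sample documents are constructed for the demonstration.

```python
import re

# RTF control words that introduce embedded or linked objects. They are
# legitimate RTF features, but in a mail attachment they are worth a second look.
SUSPICIOUS_CONTROL_WORDS = {
    rb"\\object": "embedded OLE object",
    rb"\\objdata": "hex-encoded OLE object payload",
    rb"\\objemb": "embedded object",
    rb"\\objautlink": "auto-updating linked object",
    rb"\\objupdate": "object updated when the document opens",
    rb"\\pict": "embedded picture (can wrap EMF/WMF data)",
}


def is_rtf(data: bytes) -> bool:
    """A genuine RTF file starts with the '{\\rtf' header."""
    return data.lstrip().startswith(b"{\\rtf")


def triage_rtf(data: bytes) -> dict:
    """Count object-related control words in an RTF blob.

    A control word is matched only when followed by a digit, space, brace,
    backslash or semicolon, so '\\objdata' is not also counted as '\\object'.
    """
    findings = {}
    for word, meaning in SUSPICIOUS_CONTROL_WORDS.items():
        pattern = re.compile(word + rb"(?=[0-9 {}\\;])")
        hits = len(pattern.findall(data))
        if hits:
            findings[meaning] = hits
    return findings


def verdict(data: bytes) -> str:
    """One-line summary suitable for a mail-gateway log."""
    if not is_rtf(data):
        return "not RTF (header missing)"
    findings = triage_rtf(data)
    if not findings:
        return "RTF, no embedded objects found"
    return "RTF with embedded objects: " + ", ".join(f"{k} x{v}" for k, v in findings.items())


# Constructed samples: a plain document and one carrying an embedded OLE object.
SAMPLE_CLEAN = b"{\\rtf1\\ansi Hello, world.\\par}"
SAMPLE_OBJECT = (b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass Word.Document.8}"
                 b"{\\*\\objdata 0105000002000000}}\\par}")

if __name__ == "__main__":
    for name, blob in (("clean", SAMPLE_CLEAN), ("object", SAMPLE_OBJECT)):
        print(name, "->", verdict(blob))
```

A hit is not a verdict of malice on its own (embedded pictures are common), but an RTF attachment with `\objdata` or `\objupdate` from an unexpected sender is a sensible candidate for quarantine or sandbox detonation.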

This isn't a new discovery; the experts already knew about it (that article is dated 2001). But I have a problem with "the experts": they warn us about this and they warn us about that, but none of them seem to be warning us that the real threat today is malware arriving via email, and that of 54 products, 95% don't flag the malware that just arrived in my inbox.

Why is this? I mean, I know why they can't flag the malware, that's obvious, it's because they didn't even see it before I did. What I don't understand is the silence about the situation. Maybe one could imagine a conspiracy in which the AV companies don't want to tell the world that they're selling a useless product, but there are a lot of researchers who aren't attached to an AV company who would be delighted to blow the whistle. And it isn't exactly difficult to verify the situation - just take the next dozen obviously malicious emails that are sent to you, and submit the attachments to VirusTotal. Or just scan them with the scanner that you hope is protecting your system.

OK, so antivirus products don't protect against trojan horses sent via email. Maybe the clue is in the word "antivirus", because trojans aren't viruses. And maybe AV products protect very well against viruses. Maybe - I can't verify this. Because I haven't seen a virus in donkey's years. The threat has changed.

25 years ago, the threat was viruses. Remember the panic over Michelangelo, due to turn nasty on March 6 1992? That was a boot sector virus. Boot sector viruses spread from computer to computer via infected floppy disks. When was the last time you saw a floppy disk? Computers today don't even have floppy disk drives! The virus threat is history. The threat today is trojans. Mostly sent by email, partly transmitted via the web using malicious adverts.

And antivirus products don't help you.
