Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • Monitoring & Management
    • N-central Automate. Tackle complex networks. Get remote monitoring and management built for efficiency and scale.
    • RMM Start fast. Grow at your own pace. Try this powerful but easy remote monitoring and management solution.
    • Backup
    • Backup Get data protection for servers, workstations, applications, documents, and Microsoft 365 from one dashboard.
    • Security
    • EDR Defend against ransomware, zero-day attacks, and evolving threats with endpoint detection and response.
    • Mail Assure Leverage mail protection and archiving to keep your users safe from email threats and downtime.
    • Passportal Adopt and enforce best practices for password and documentation management with ease.
    • Tools & Services
    • MSP Manager Increase helpdesk efficiency with a robust PSA, ticketing, reporting, and billing management solution.
    • Take Control Help support customers and their devices with remote support tools designed to be fast and powerful.
    • View All
  • Solutions

    Solutions

    • Security Protect your customers and expand your business by offering layered security services without the complexity.
    • Monitoring Choose the right remote monitoring and management solution to meet you where you are and grow with you.
    • Operational Efficiency Boost profits by improving efficiency via automation, resources and training, and time-saving products.
    • IT Departments Keep your organization productive by easily managing IT from a single, easy-to-use, web-based dashboard.
    • Remote Monitoring Solutions Comparison Compare SolarWinds RMM and N-central side by side. Sign up to talk to a specialist to find the right fit.
    • View All
  • Resources
    • Download
    • Resource Library
    • Product Information
    • Free Tools
    • Learn
    • MSP Institute Webinar Series
    • Daily Live Demos
    • MSP Advice Project
    • Ask the N-central Experts
    • Upcoming Webcasts
    • Connect
    • Blog
    • Security Resource Center
    • Events
    • RMM Foundations Training
  • About
    • Company
    • About Us
    • Leadership
    • Careers
    • News & Press
    • Awards & Recognition
    • Support & Policies
    • Customer Success
    • Customer Support
    • Legal
    • Security
    • Get in Touch
    • Contact
    • Get a Quote
    • Worldwide Sales & Support
  • IT Departments
  • Contact Sales
    • Contact Sales
    • General Inquiry
    • Get a Quote
    • Worldwide Sales & Support
    • Talk to Specialist
    • Security Solutions
    • Monitoring Solutions
    • Operational Efficiency
  • Try Now
    • Monitoring & Management
    • N-central
    • RMM
    • Backup
    • Security
    • EDR
    • Mail Assure
    • Passportal
    • Tools & Services
    • MSP Manager
    • Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Security How to Spot Dangerous Email Attachments
Security

How to Spot Dangerous Email Attachments

By Sebastian Antonescu
26 June, 2018

Recently, we have noticed a considerable spike in spam and phishing campaigns using various techniques to cloak malware in email attachments. To help keep your business protected, it’s important to understand how these attacks work and what you can do to help prevent them. 

Taking proactive measures is one of the best ways to combat attacks attempting to trick attachment scanning technologies. As an example, we have recently seen leveraging techniques that work to prevent virus scanners from checking the attachment by using corrupted MIME headers or corrupted archives. 

Spam and phishing emails often contain malicious attachments in plain sight, or covertly hidden in zip/rar archives, or in Office documents as macros. To infect your computer, the email often includes an executable file. Although it can be difficult to identify suspicious files at first glance—as they are commonly hidden within zip archives to trick spam filters—they can often be recognized by their file extension, such as: .exe, .bat, .com, .cmd, .cpl, .js, .jse, .msi, .msp, .mst, .paf, .wsh, .wsf, .vbs, .vbe, .psc1, .scr, and .ink.

Let’s take a look at some of the most common extensions presented above:

CTA Image

SolarWinds Mail Assure

Advanced Threat Protection for Inbound and Outbound Email.

Try It Free Learn More

·  .EXE
These files are Windows-executable files and some of the most dangerous attachments you can receive in an email. It is uncommon for people to send executable files in emails as attachments, so such an email should immediately raise a red flag.

·  .MSI
This is another format for Microsoft Installer used on Windows, though applications can also be installed via an .EXE file. It may carry malicious files bundled into another application, thus giving the impression that it’s installing a legitimate application.

·  .JAR
These are executable Java applications that use the Java runtime environment to run on a specific machine. These usually leverage Java runtime vulnerabilities and download/install malware on the affected computer.

·  .BAT
This is a batch file that contains a simple list of commands usually run in the Command Prompt and originally used by the old MS-DOS.

·   .CMD
These are the same thing as the .BAT extension, but introduced in Windows NT. The effect is the same as the batch file.

·  .JS
This is a JavaScript file, which usually runs in web browsers. The main disadvantage for Windows users is that the OS runs JavaScript files by itself with no sandboxing.

·  .VB/.VBS
This is a Visual Basic Script file that usually executes the script code embedded when run.

· . PSC1

This is a PowerShell script, which is executed on a Windows machine.

All these file extensions are constantly being used in spam and phishing campaigns, generating a lot of damage for unprotected computers.

It is critical to check what type of files you receive and refrain from opening any attachments containing the above file extensions, especially if they come from unknown sources. To help ensure you and your business are protected from spam, phishing, and all email-borne threats, always deploy an email security solution as part of your security strategy.

How can you protect yourself using Mail Assure?

In the SolarWinds Mail Assure™ Control Panel, there is a feature called “Block Dangerous Attachments,” which is on the Attachment Restrictions page of the default domain settings. When this feature is enabled, all the file extensions listed above are blocked by default. On top of this, to help ensure there are no harmful files in the archive attachments, zip archives are being scanned for malicious applications.


To find out how SolarWinds Mail Assure can help you protect your systems, click here.

 

Sebastian Antonescu is the technical support team manager for the Mail Assure and SpamExperts brands.

 

 © 2018 SolarWinds MSP UK Ltd. All rights reserved.

 
The SolarWinds and SolarWinds MSP trademarks, service marks, and logos are the exclusive property of SolarWinds MSP UK Ltd. or its affiliates. All other trademarks are the property of their respective owners.

 

Additional reading

Our Top 10 Email Malware of All Time
Top Social Engineering Techniques Trending on Email 
The Email Security Education Series: What Does a Phishing Campaign Look Like?
You might also like...
Security

February 2021 Patch Tuesday: Many “Exploitation More Likely” and an update to a Netlogon fix from last year

Security

What Do Auto Racing and EDR Have in Common?

Automation

What the Head Nerds Were Up to in 2020

Security

January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be

Security

December 2020 Patch Tuesday—A quiet(er) finish to a busy year in vulnerabilities

Security

Documentation Management API and Why It’s Important for the MSP Business

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • Three things I learned working for an MSP
  • Earning word-of-mouth referrals for your IT business
  • Backup automation part 1: Deploying backup devices
  • Ultimate Guide: MySQL Backup
  • Most common automation requests and how to solve them: Ep 2
Categories:
  • Security (240)
  • Tips & Advice (130)
  • Best Practices (97)
  • Backup & Disaster Recovery (96)
  • Managed Services (89)
  • The Head Nerds (82)
  • Business Growth (79)
  • IT Support (43)
  • Business (41)
  • Automation (40)
  • Operations (38)
  • Cybersecurity (37)
  • Mail (33)
  • Remote Management (30)
  • ITSM (26)
  • Networking (22)
  • Data (21)
  • Cloud Computing (21)
  • Marketing (15)
  • PSA (13)
  • Product (11)
  • Service Desk (6)
  • Services & Support (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • GDPR (3)
  • Internet of Things (3)
  • Customer Service (3)
  • Research & Trends (2)
  • Training (2)
  • LOGICcards (1)
  • Cybersecurity Awareness Month (1)
  • Business Risk (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.