Tuesday 7 April 2015

Security Bulletin - .chm Files


We have been observing a rise in the use of .chm files, delivered as email attachments and/or malicious downloads, to automatically execute malware on a machine and encrypt its contents. CHM files are compiled HTML documents, commonly used to deliver instruction manuals, but they can include external URLs via JavaScript code.

What is the risk?
CHM files are not commonly blocked by email filters and, when they are inspected by security devices, will pass through. The .chm files we have observed have been successfully installing Cryptowall, malware used to encrypt a user’s files and hold them to ransom.

What should be done?
CHM files are rarely used, so it is advisable to force all .chm files into quarantine for manual inspection or to deny them globally.
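One way to implement the quarantine rule in a mail-filter hook is sketched below. It is an added example, not code from the original bulletin. It flags an attachment by its .chm extension or by the "ITSF" signature that compiled HTML Help files start with, so a renamed file is still caught. The function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # first four bytes of a compiled HTML Help (.chm) file

def chm_attachments(raw_message):
    """Return (filename, reason) for each MIME part that looks like a CHM file."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if payload[:4] == CHM_MAGIC:
            # Content check catches a .chm renamed to another extension.
            hits.append((name, "ITSF header"))
        elif name.lower().rstrip(". ").endswith(".chm"):
            # Windows ignores trailing dots/spaces, so "x.chm." still opens as CHM.
            hits.append((name, "extension"))
    return hits

def verdict(raw_message):
    """Quarantine any message that carries a CHM attachment; deliver the rest."""
    return "quarantine" if chm_attachments(raw_message) else "deliver"

def _sample(filename, content):
    """Build a constructed test message with one attachment (not real traffic)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Invoice"
    m.set_content("See attached.")
    m.add_attachment(content, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed stub: only the signature bytes, not a working CHM file.
FAKE_CHM = CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 16
SAMPLES = {
    "plain chm": _sample("manual.chm", FAKE_CHM),
    "renamed chm": _sample("invoice.pdf", FAKE_CHM),
    "extension only": _sample("notes.CHM.", b"placeholder bytes"),
    "benign pdf": _sample("report.pdf", b"%PDF-1.4\n"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, verdict(raw), chm_attachments(raw))
```

This check does not look inside archive attachments such as .zip files, which would need their own unpacking step.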

Author - Peter Bassill
