MDaemon Technologies Blog

Phishing Email Posing as U.S. Dept of Treasury Spreads Malware

By Brad Wyro

This week, we learned of a new round of malware being distributed via phishing emails claiming to be from the U.S. Department of the Treasury.

Phishing email Dept of Treasury

The phishing email asks the recipient to review an attachment called ‘CONTRACT PAYMENT.zip’ which contains a file called ‘CONTRACT PAYMENT.jar’.

If this file is launched, it unleashes malware that modifies the Windows Registry so that it runs every time the victim logs into Windows, and once installed, it will have full control over the computer, including the ability to execute commands, delete or create files, or steal passwords from other applications.

If you’ve been infected by this malware, you should change all passwords that have been saved in your browser or in any other applications, and then the network administrator should perform a security audit of the entire network to ensure no other devices were infected.

Best Practices for protecting users with MDaemon Email Server & Security Gateway for Email

Businesses using MDaemon and Security Gateway can take the following steps to protect against these types of threats.

Email Security Recommendations for Security Gateway

To protect against these and other malicious attachments, Security Gateway administrators should make sure virus scanning is enabled under Security | Anti-Virus | Virus Scanning. Make sure both antivirus engines are being used (see “Virus Scanning Engines” at the bottom of the Virus Scanning screen).

EN_SecurityGateway-Email-Spam-Firewall_AntiVirus-1

Hackers often hide malware inside password-protected ZIP files. To prevent these attachments from reaching users, it’s also a good idea to enable the option “Quarantine messages that cannot be scanned.”

You can also configure rules to filter out messages containing compressed files or other types of attachments, and either quarantine them for administrative review, or block them completely.

EN_SecurityGateway-Email-Spam-Firewall_Attachment-Filtering (1)

Security Gateway administrators can also follow these best practices to protect users from spam, phishing, malware, and other email related threats.

For the full list of recommendations, check out our post on 15 Best Practices for Protecting Your Email with Security Gateway.

Email Security Recommendations for MDaemon Email Server

MDaemon can help protect against these threats as well. The content filter includes rules to filter out attachments by type, as well as an option to check for restricted attachments within ZIP and RAR attachments.

MDaemon email server restricted attachment configuration

We also recommend using MDaemon Antivirus with every installation of MDaemon to detect the latest spam & virus outbreaks and block new & emerging threats via Cyren & ClamAV.

MDaemon Email Server Antivirus

You’ll find additional email security tips for both MDaemon and Security Gateway in our recent post "How to Protect Your Email from Cyber Threats."

Stay safe & always double-check the source and authenticity of any email you receive. Not doing so could spell disaster.

 

Tags: Phishing

Brad Wyro

Written by Brad Wyro

BACK TO ALL ARTICLES