What is Malware? It is malicious software that, once installed on a user’s computer, can cause various problems such as deletion or blocking of data, sending spam or collecting personal information. The damage caused by malware can be irreparable and, in some cases, can even put a company’s IT security at risk. Malware is usually spread via infected emails or websites.
The sLoad malware is a trojan that spreads via PEC. Usually, it comes as a ZIP or PDF file attached to an email message. If the user opens the file, the malware installs itself on the computer. It starts doing harmful things, such as stealing personal information, locking the computer or sending spam to other users.
sLoad is by no means a novelty in the cyber security panorama, so much so that last January, more than 100,000 certified e-mail boxes were infected very quickly. More recently, in October 2022, the AgID reported another malspam campaign on its website to disseminate a variant of the salad malware to the PEC boxes of companies and organizations.
The power of sLoad and malware spread via PEC is that certified mail is more secure than traditional email. After all, unlike regular e-mail, PEC uses an encrypted protocol, making it difficult for malicious people to intercept messages. However, this false certainty leads users to let their guard down. Added to this is the fact that the infected messages are very credible.
As explained by AgID, an infected PEC message resembles a standard email, complete with a subject and dynamic internal links, i.e., capable of changing according to the recipient to make the message more credible. The body of the email can refer to different topics. For example, the October malware campaign exploited the topic of non-payments and, therefore, carried wordings such as “Invoice payment reminder letter” or “Late payment of invoice”.
The text always contains a ZIP attachment to download or a link to click (in the case of the October campaign, the link referred to the alleged unpaid invoice). When clicked, the link starts the automatic download of a file or a ZIP folder containing decoy files with common extensions, such as jpeg or pdf, and an executable file of type WSF which, when opened, starts the installation of the malware. Obviously the user does not notice the installation nor, at first, its consequences.
To defend yourself against this malware, having tools to protect your computer network to detect and analyze traffic and block any threats in the bud is essential. However, since malware spreads via PEC, the real difference is made by the awareness of the user, who must pay close attention to the e-mail messages he receives.
It is, in fact, essential to recognize suspicious messages, even when they come from known senders, and, above all, not to download attachments or click on links that you need to be sure of. Furthermore, having a good antivirus and regularly updating the software used to limit vulnerabilities is beneficial. Finally, even if this is the primary element, choosing a reliable PEC manager is good.
Namirial has been accredited by AgID and authorized to manage Certified Electronic Mailboxes and domains since 2007. It has about 1 million customers and has already disbursed 800,000 PECs. The PEC is the most complete solution on the market, which combines an advantageous price with many features:
You can choose between 3 different plans:
Also Read: Best Ways To Defend Against Cyber Attack
Social media marketing and search engine optimization (SEO) are two pillars of digital marketing that… Read More
Many people consider True Wireless Stereo (TWS) headsets essential since they provide wireless communication without… Read More
“Transformation,” the new martingale for decision-makers, has been on everyone’s lips for several years. Digital… Read More
Finding the most sensible expressions for your website is one of the essential pieces of… Read More
Working in the field requires very good communication and access to always up-to-date information. Constantly… Read More
For businesses that regularly engage in competitive bidding, Request for Proposal (RFP) processes can be… Read More