WARNING! A new e-mail virus is now undetectable.


Monday, September 24, 2018

A couple of days ago, we received an e-mail from one of our clients that seemed to contain a Word file with various modifications to make to their website (something that happens to us quite often). Since we didn't have any advance warning that we would be receiving a list of changes to make, we thought we should verify with her. What a great decision that turned out to be! As it happened, our client was infected with a virus and she was sending (without her knowledge) e-mails to all her contacts to try and infect them too.

What exactly did she send?

If you look closely at the e-mail, you can see the virus used these tricks to get us to open the file:

  • Used the name and e-mail address of the infected person (nothing new here);
  • Added a "Re: " to the subject of a previous e-mail she received from me;
  • Used the name of her organisation in the filename (very sneaky);
  • Used the full name of the infected person in her e-mail's signature;
  • Used all the phone numbers associated with the infected person's organisation in her signature;
  • Included the content of a previous e-mail.

In addition to all of this, the e-mail was even written using a font colour that person often uses. The only clue we had initially was that this client normally sends her e-mails in French (although it was still plausible that she would write us in English). Knowing that French viruses exist nowadays, we might not be as lucky next time.

How to protect yourself?

It's not easy to protect yourself from this kind of e-mail, but there are still some things you can do that will give you better odds of not being infected: 

  • If you weren't expecting an e-mail from that person, contact them to find out whether they really sent it (that's what we did in this case);
  • Compare the details of the e-mail closely against their previous e-mails to see if anything has changed. In this case, the language used was different and her signature, although realistic, was a little different from her normal signature (it was missing a logo and her postal address);
  • If it's available, look at the original message (at the bottom of the e-mail). By making a complete analysis, we noticed that the "ê" of the word "être" was incorrect (it was caused by a change in the e-mail's encoding).
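The encoding check from the last point can be automated. The Python sketch below is an added example, not part of the original article: it scans the quoted original message for words that look like UTF-8 text misread as Windows-1252. That encoding pair is an assumption (the article does not say which encodings were involved), and the sample message and its addresses are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

def find_mojibake(text):
    """Return (garbled, repaired) pairs for words that look like UTF-8
    misread as Windows-1252, plus words holding U+FFFD (repaired=None)."""
    hits = []
    for word in re.findall(r"\S+", text):
        if word.isascii():
            continue
        if "\ufffd" in word:
            hits.append((word, None))
            continue
        try:
            repaired = word.encode("cp1252").decode("utf-8")
        except (UnicodeEncodeError, UnicodeDecodeError):
            continue  # correctly encoded accented words end up here
        hits.append((word, repaired))
    return hits

def quoted_part(body):
    """Text of the quoted original: everything after an 'Original Message'
    separator, otherwise the lines prefixed with '>'."""
    lines = body.splitlines()
    for i, line in enumerate(lines):
        if "original message" in line.lower():
            return "\n".join(lines[i + 1:])
    return "\n".join(l.lstrip("> ") for l in lines if l.startswith(">"))

def check_message(raw_bytes):
    """Parse a raw e-mail and report garbled words in its quoted section."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    return find_mojibake(quoted_part(body))

def build_sample():
    """Constructed sample: a reply whose quoted French text was re-encoded."""
    msg = EmailMessage()
    msg["From"] = "client@example.org"      # constructed address
    msg["To"] = "support@example.com"       # constructed address
    msg["Subject"] = "Re: Site web"
    msg.set_content(
        "Please see the attached list of changes.\n\n"
        "-----Original Message-----\n"
        # \u00c3\u00aa is how a garbled "ê" shows up; \u00f4 is a correct "ô"
        "Le menu devrait \u00c3\u00aatre mis en ligne bient\u00f4t.\n"
    )
    return msg.as_bytes()

if __name__ == "__main__":
    for garbled, repaired in check_message(build_sample()):
        print(f"suspicious word: {garbled!r} (probably {repaired!r})")
```

A hit only means the quoted text passed through a different encoding than the sender's mail client normally produces; treat it as one more reason to verify with the sender, not as proof of infection.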

The rule of thumb is: if you receive an e-mail with a file attached to it, always check with the person who sent it to you whether it's a real file or a virus (basically, attached file = gotta verify!). Don't hesitate to share this article with your friends to inform them of the danger lurking!
