Some malware arrives as an attachment to spam email messages that use social engineering to lure users into opening and executing it.
Notable malware families that use this technique are WORM_BAGLE and TROJ_UPATRE. TROJ_UPATRE downloads ZBOT (also known as ZeuS), which eventually downloads CRILOCK/CRYPTOLOCKER or FAKEAV.
Learn how to detect this malware in email attachments using Trend Micro's Messaging products.
The Virus or Smart pattern files of Trend Micro can detect malicious attachments. However, as an added security measure, Trend Micro's Messaging products include a feature to block or filter email attachments.
Below are Trend Micro's Messaging products and the procedures to enable attachment blocking in each:
Worry-Free Business Security (WFBS) and ScanMail for Exchange (SMEX)
Detect the EXE file type inside a ZIP or compressed file using the Attachment Blocking feature available in WFBS and SMEX by following the article "Blocking EXE file within a ZIP file using the Attachment Blocking of WFBS and SMEX".
Filter the EXE file type within an encrypted or password-protected file in WFBS and SMEX by following the article "Blocking an encrypted or password-protected file in WFBS and SMEX".
Hosted Email Security (HES)
For HES, use the Attachment True File Type criteria to scan attachments.
InterScan Messaging Security
For InterScan Messaging Security products, you can block EXE files inside a ZIP file.
You may also detect password-protected ZIP files in InterScan Messaging Security.
ScanMail IBM for Domino (SMID)
For SMID, scan email attachments by following the article "Detecting and blocking attachments within compressed files in SMID".
For password-protected files, refer to the article "Blocking password-protected files in SMID".
For more information, refer to the article "Common file types used by malware as email attachment".
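The two checks the products above apply, true-file-type detection of an EXE inside a ZIP and detection of a password-protected ZIP, are sketched below in Python as an added example. It is not Trend Micro code; the function names, the blocking policy and the sample archives are assumptions constructed for illustration, and only top-level entries are examined (nested archives are not unpacked).

```python
import io
import zipfile

MZ_MAGIC = b"MZ"        # first two bytes of a DOS/PE executable
ENCRYPTED_FLAG = 0x1    # bit 0 of the ZIP general-purpose flag field

def inspect_zip_attachment(data: bytes) -> dict:
    """Classify top-level ZIP entries by content, not by file extension."""
    found = {"executables": [], "encrypted": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & ENCRYPTED_FLAG:
                # Content cannot be scanned without the password.
                found["encrypted"].append(info.filename)
                continue
            with zf.open(info) as fh:
                if fh.read(2) == MZ_MAGIC:
                    found["executables"].append(info.filename)
    return found

def verdict(data: bytes) -> str:
    """Hypothetical policy: block EXE content and unscannable entries."""
    found = inspect_zip_attachment(data)
    if found["executables"]:
        return "block: executable inside archive"
    if found["encrypted"]:
        return "block: password-protected archive"
    return "pass"

def build_sample_zip(files: dict) -> bytes:
    """Constructed sample input: build a small ZIP in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()

def mark_encrypted(data: bytes) -> bytes:
    """Constructed sample: set the encryption bit in each central-directory header."""
    buf = bytearray(data)
    pos = buf.find(b"PK\x01\x02")
    while pos != -1:
        buf[pos + 8] |= ENCRYPTED_FLAG   # flags field sits at offset 8
        pos = buf.find(b"PK\x01\x02", pos + 4)
    return bytes(buf)
```

Because the check reads the entry's leading bytes, an executable renamed to something like invoice.pdf inside the archive is still reported, which is the point of a true-file-type criterion over extension matching.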