Malware hidden in Drive Images (.img Files)
In recent weeks I have experienced more and more malware that slips through the Email Security Appliance (and probably Hosted Email Security as well). This happens when the bad actor uses .img files as the vehicle of choice and puts the load in this drive image.
I've seen all types of malicious content in it, but current campaigns seem to favor .exe and .chm files.
Because AV and Capture ATP were not able to detect it, I strongly suggest blocking any .img files via Filter Policy. If you already use the built-in "Strip Potentially Dangerous File Attachments", just add .img as another suffix.
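The suffix rule recommended above can also be checked outside the appliance, for example when auditing quarantined or archived mail. The following is an added example, not part of the original post and not SonicWall code; it goes one step beyond the post by also flagging attachments whose content looks like an ISO 9660 or UDF image under a different name (an assumption about the image format), and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

BLOCKED_SUFFIXES = (".img",)            # the suffix the post recommends stripping
# Assumption: the drive image is ISO 9660 ("CD001") or UDF ("BEA01"); both
# identifiers sit one byte into sector 16 (offset 0x8001) of the image.
IMAGE_MAGIC_OFFSET = 0x8001
IMAGE_MAGICS = (b"CD001", b"BEA01")

def blocked_attachments(raw: bytes):
    """Return [(normalized_filename, reason)] for parts that should be stripped."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():             # walk() also descends into forwarded mail
        if part.is_multipart():
            continue
        # Windows drops trailing dots/spaces, so "x.img." still opens as .img
        name = (part.get_filename() or "").rstrip(". ").lower()
        data = part.get_payload(decode=True) or b""
        magic = data[IMAGE_MAGIC_OFFSET:IMAGE_MAGIC_OFFSET + 5]
        if name.endswith(BLOCKED_SUFFIXES):
            hits.append((name, "suffix"))
        elif magic in IMAGE_MAGICS:
            hits.append((name, "image-magic"))
    return hits

def build_sample() -> bytes:
    """Constructed test message: one .img, one renamed image, one harmless file."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("See attached.")
    fake_image = bytes(IMAGE_MAGIC_OFFSET) + b"CD001" + bytes(32)
    for fname, body in (("Invoice.IMG.", b"placeholder"),
                        ("scan.pdf", fake_image),
                        ("notes.txt", b"hello")):
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in blocked_attachments(build_sample()):
        print(f"strip {name!r}: {reason}")
```
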