FYI...
WSF email attachments - latest malware delivery vehicle
- https://www.helpnetsecurity.com/2016...ware-delivery/
Oct 13, 2016 - "Most users have by now learned not to open executable (.EXE), various MS Office, RTF and PDF files delivered via -unsolicited- emails, but malware peddlers are always trying out new ways to trick users, email filters and AV software... According to Symantec*, Windows Script Files (WSFs) are the latest file types to be exploited to deliver malware via email...
> https://www.helpnetsecurity.com/imag...ttachments.jpg
Number of blocked emails containing malicious WSF attachments by month "
Surge of email attacks using malicious WSF attachments
* https://www.symantec.com/connect/fr/...sf-attachments
12 Oct. 2016 - "Symantec has seen a major increase in the number of email-based attacks using malicious Windows Script File (WSF) attachments over the past three months. Ransomware groups in particular have been employing this new tactic. In the past two weeks, Symantec has blocked a number of major campaigns distributing Locky (Ransom.Locky) which involved malicious WSF files...
Malicious WSF files have been used in a number of recent major spam campaigns spreading Locky. For example, between October 3 and 4, Symantec blocked more than 1.3 million emails bearing the subject line "Travel Itinerary." The emails purported to come from a major airline and came with an attachment that consisted of a WSF file within a .zip archive. If the WSF file was allowed to run, Locky was installed on the victim's computer...
> Tips on protecting yourself from ransomware
Regularly back up any files stored on your computer. If your computer does become infected with ransomware, your files can be restored once the malware has been removed.
Always keep your security software up to date to protect yourself against any new variants of malware.
Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by attackers.
Delete any suspicious-looking emails you receive, especially if they contain links or attachments.
Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email."