Dat's Bad Attack: Hackers Using .dat Files to Bypass SEGs

  • Posted by Jeremy Fuchs on May 19, 2021

A .dat file is a generic data file used by various applications. What's unique about these files is that they can only be used by the application that created them.

For example, if a .dat file is created in Minecraft, it can only be used in Minecraft; it wouldn't make sense anywhere else.

Avanan researchers uncovered an email attack that uses a .dat file to hide malicious content. Here's what it looks like:


There's nothing inherently malicious about this email as it appears, which is why it sailed past SEGs and into user inboxes. 

This .dat file was created using Outlook. So, once a user downloads and opens the file, Outlook (if it is installed) will immediately recognize and read the instructions inside the .dat file. The instructions in this particular .dat file say to extract the contents and display them as a new email. The contents are just simple HTML code, pretending to be a FedEx email:

This file contains a .zip file—and that's where the malicious file lies.

If the user were to then download that .zip file, they would be presented with this .xlsm file:

A .xlsm file is a macro-enabled Microsoft Excel file. If the user hits "Enable Content", then all havoc breaks loose.

This is a complicated attack and the hacker is hoping that the end-user goes through all the steps to fully execute the malicious file.

But it goes to show the lengths attackers will go to in order to reach the inbox. The attacker was able to sneak in malware using a .dat file that no scanner would find malicious.

Avanan caught this because our AI looked at the language used in the email and the historical reputation of the sender with the organization, and combined these with the rarity of .dat files to deem this email malicious and block it from reaching the inbox.
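The attachment chain described above (.dat, then .zip, then .xlsm) can also be surfaced as simple triage signals at the mail-processing layer. The sketch below is an added example, not Avanan's code: it assumes the Outlook-created .dat file is a TNEF container (the post does not name the format), and the function names, finding labels and sample message are constructed for illustration.

```python
import io
import struct
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

TNEF_SIGNATURE = 0x223E9F78  # first four bytes of a TNEF stream (little-endian)
MACRO_EXTS = (".xlsm", ".docm", ".pptm")  # macro-enabled Office extensions

def triage_attachment(name, data):
    """Return findings for one attachment, given its file name and raw bytes."""
    findings = []
    if name.lower().endswith(".dat"):
        findings.append("dat-attachment")
    if len(data) >= 4 and struct.unpack("<I", data[:4])[0] == TNEF_SIGNATURE:
        findings.append("tnef-container")
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if member.lower().endswith(MACRO_EXTS):
                    findings.append("macro-office-in-zip:" + member)
    return findings

def triage_message(raw):
    """Map each flagged attachment name in a raw RFC 5322 message to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        hits = triage_attachment(name, part.get_payload(decode=True) or b"")
        if hits:
            report[name] = hits
    return report

def build_sample():
    """Constructed message: a fake TNEF blob plus a zip holding a dummy .xlsm entry."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    fake_tnef = struct.pack("<I", TNEF_SIGNATURE) + b"\x00" * 16
    msg.add_attachment(fake_tnef, maintype="application",
                       subtype="octet-stream", filename="label.dat")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.xlsm", b"placeholder, not a real workbook")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="docs.zip")
    return msg.as_bytes()
```

These findings are signals rather than verdicts; as the post notes, the rarity of .dat attachments only became decisive when combined with the email's language and the sender's reputation.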
