Malware Can Hide From Email Scanners in Virtual Hard Drives

Matthew.Rosenquist
1 min readOct 24, 2024

This is an interesting tactic by cyber attackers — using virtual machine hard drive files to bypass email malware filters!

Never underestimate the creativity and resourcefulness of intelligent adversaries in finding ways to leverage technology for their advantage and to deftly get around security controls.

The use of virtual machine hard drive files like .vhd and .vhdx can be opened in windows and function like a physical drive. They are perfect to hide malware from email gateways and network perimeter filters looking for dangerous files and compressed volumes.

The natural response should be for security filters to access and scan the contents of virtual drives before allowing them to be delivered to potential victims. Sounds simple, but there are some interesting nuances that need to be considered, and of course the attackers would also respond in kind.

This kind of maneuvering warfare is typical and is part of the never-ending game of cybersecurity!

Related Article: https://www.csoonline.com/article/3575345/threat-actors-increasingly-using-malicious-virtual-hard-drives-in-phishing-attacks.html

--

--

Matthew.Rosenquist
Matthew.Rosenquist

Written by Matthew.Rosenquist

CISO and cybersecurity Strategist specializing in the evolution of threats, opportunities, and risks in pursuit of optimal security