Arbor Networks warns on MIME sniffing-based phishing attacks

30 March 2009

Hiding data within digital pictures, known as steganography in security circles, has been known about for years, but it now appears that the darkware community has taken the concept one step further and is hiding HTML and JavaScript calls within images when sending out phishing emails.

According to Arbor Networks, the DDoS security specialist, a new type of phishing attack has started appearing that uses images with hidden HTML and JavaScript calls in them.

The code calls appear to exploit a problem with Internet Explorer's MIME (Multipurpose Internet Mail Extensions) security and trigger a fake eBay login page.

The page call normally generates an error message on Mozilla Firefox and Apple Safari web browsers, but Internet Explorer, says Arbor, appears to execute the code normally.

Infosecurity notes that the problem stems from the way that Internet Explorer 4 and above detects the MIME type of a file it is asked to load.

When accessing the file, Internet Explorer automatically checks the type of content and, under certain circumstances, ignores the file name extension or the content type stated for it.

Because Internet Explorer 4 and above interrogates the first 256 bytes of the called file, the ‘image’ can contain HTML jumps and/or JavaScript calls, which Internet Explorer then acts upon.

This technique has been used for cross-site scripting attacks in the past but Infosecurity notes this appears to be the first time it has been used in a phishing email.
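The check below is an added example, not code from Arbor Networks or Infosecurity: a filter that an upload handler or mail gateway could run on a file declared as an image, flagging it when its signature does not match the declared type or when the leading 256 bytes (the window described above) contain HTML or script tags. The function name, the tag list and the sample bytes are assumptions constructed for illustration; the tag list is not Internet Explorer's actual sniffing table.

```python
import re

SNIFF_WINDOW = 256  # leading bytes the article says Internet Explorer inspects

# Leading signatures of the common web image formats.
MAGIC = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
}

# Assumed tag list for illustration; not Internet Explorer's own sniffing table.
MARKUP = re.compile(
    rb"<\s*(?:html|head|body|script|iframe|title|meta|a|img|table)\b", re.I
)


def check_image(data: bytes, declared_type: str) -> list:
    """Return a list of findings for a file that is declared to be an image."""
    findings = []
    signatures = MAGIC.get(declared_type.lower())
    if signatures is None:
        findings.append("unsupported-type")
    elif not data.startswith(signatures):
        findings.append("magic-mismatch")
    # Only the sniffing window is searched, mirroring the behaviour described.
    if MARKUP.search(data[:SNIFF_WINDOW]):
        findings.append("markup-in-sniff-window")
    return findings


# Constructed samples (not taken from the campaign described in the article).
CLEAN_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 64
GIF_WITH_MARKUP = (
    b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" + b"<html><body><script></script>"
)
HTML_AS_JPEG = b"<HTML><title>sign in</title></HTML>"

if __name__ == "__main__":
    for name, blob, ctype in [
        ("clean.png", CLEAN_PNG, "image/png"),
        ("banner.gif", GIF_WITH_MARKUP, "image/gif"),
        ("logo.jpg", HTML_AS_JPEG, "image/jpeg"),
    ]:
        print(name, check_image(blob, ctype) or "ok")
```

A valid signature alone is not enough: the constructed GIF sample passes the magic check and is caught only by the scan of the sniffing window.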

 
