This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
Another latest spam E-mail operation, which abused a technique named “HTML smuggling” to circumvent E-mail security measures and transmit malware on users’ devices, was identified by Microsoft’s security team. This campaign has been going on for weeks.
Microsoft Corporation is an international American technology firm that develops computer software, consumer devices, computers, and associated services.
HTML smuggling is a method used to overcome security systems by malicious HTML generation behind the firewall – in the browser at the targeted endpoint.
Sandboxes, proxies, and sandboxes leveraging HTML5 and JavaScript characteristics bypass the conventional network security methods such as E-mail scanners. This is by producing the destructive HTML code on the target device in the browser that is already located within the network security perimeter.
Typically network security solutions work by analyzing the ‘wire’ or information flows from the network to search for identified malware signatures and trends within the byte stream. The destructive payloads are built on the target device in the browser through the use of HTML smuggling so that no items are passed to the network’s security systems for detection.
The underlying concept behind an HTML email-based counterfeits is to include a link to an email document, which does not look harmful if it is scanned, or to a file type that email security programs, like EXE, DOC, MSI, and others, deem to be harm
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Hackers Applying HTML Smuggling To Distribute Malware