cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Reliable Contributor marcus69
Reliable Contributor
Report Inappropriate Content
Message 1 of 2

Problem with embedded and encoded Javascripts

Hi all

This week we've discovered some Mails with a nasty method how to sneak throught Email Gateway filters:

Mails come in pretending to have an embedded excel Spreadsheet hiding behind an excel icon graphic.

Behind that there is attached html-file that contains an embedded and encoded Javascript.

xls-fake.jpg

Here's an excerpt of the source code within the html file:

sourcecode.jpg

The Emailgateway does not detect any Javascript by filetype here, as it is a html/txt Document, and shows no offending code on the first glimpse.

Unescaping the Codesequence reveals a Phishing Site on this case.

In my opinion this is the prestep of the next Malware wave as this bypasses AV-Engine and Javascript Filetype detection.

If these mails manage to get pass the Antispam and Reputationfilters, and You have no Webgateway or Advanced Threat Defense, You're may be doomed.

Best Regards,

   Marcus

PS: Did some enhanced Testing on this. One solution can be to filter HTML attachments by Filetype. HTML Email Content is not affected on this, only attachments.

1 Reply
runcmd
Level 10
Report Inappropriate Content
Message 2 of 2

Re: Problem with embedded and encoded Javascripts

I might be a day late and a dollar short on this one, but...  If you create a custom compliance dictionary that applies to everything and contains the strings "<script" and/or "</script>", and then add that dictionary to the "Spam Terms" component of the anti-spam settings for your inbound mail rule, wouldn't that help stop these?  That should block anything inbound that appears to contain a script.  (Unless you actually do need to receive some messages containing scripts.)

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community