
Microsoft warns of undetectable Trojan deployment technique

Written by Guillaume
Publication date: November 15, 2021
This article is an automatic translation

HTML smuggling is gaining new adherents every day because it is so difficult to stop.

Not strictly speaking "new", the HTML smuggling technique consists of sending an HTML file as an e-mail attachment, or simply placing a link to it in the body of the message. The malicious file itself no longer travels directly in the e-mail. This makes it possible to bypass security software such as Windows Defender, which usually combs through attachments but does not block a plain HTML file that is harmless in itself.

The problem is that while this first step is perfectly harmless, the attack itself takes place afterwards. A browser feature then comes into play and can do a great deal of damage in a way that is almost invisible to many users. Called JavaScript Blobs, it lets the page download all the components of the malware. Taken one by one they appear harmless, but the JavaScript Blobs can then assemble them into the actual malware, which is then well and truly in place on the now infected machine.

The HTML smuggling technique illustrated by Microsoft

HTML smuggling builds the malware piece by piece under the nose of all commonly used security tools. Microsoft cites the example of the Trickbot malware spread by a group that the company tracks as DEV-0193. Last September, the group sent a variety of e-mails designed to install the malware in the "Downloads" folder of the targeted machines. While these strategies can indeed thwart security software, they still rely on the credulity of users.

In this case, Microsoft notes that simply disabling JavaScript is not enough to eliminate the threat. Instead, the advice is once again to be very careful with the documents you receive by e-mail: the usual precautions apply, such as not opening attachments, whatever the file format, if you do not know the sender. Moreover, even if you think you know the sender, you should of course not open .js files, and likewise .htm/.html files unless you know specifically why they were sent to you.
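The two points the article makes, that the harmful behaviour lives in the JavaScript Blob assembly inside an otherwise harmless HTML attachment, and that .js and .htm/.html attachments deserve extra suspicion, can be turned into a simple mail-gateway check. The following is an added example written for this page; it is not code from Microsoft or from the article. The indicator patterns, the grouping into decode / assemble / deliver stages, the `Verdict` class and the two sample attachments are all assumptions constructed for illustration (the "smuggled" sample only drops the text "hello").

```python
import re
from dataclasses import dataclass, field

# HTML smuggling indicators, grouped by the role each plays in the chain the
# article describes: the page decodes embedded pieces, assembles them into a
# JavaScript Blob, and then hands the result to the browser as a file download.
# (Pattern lists are assumptions for this example, not an exhaustive rule set.)
DECODE = [r"\batob\s*\(", r"String\.fromCharCode\s*\("]
ASSEMBLY = [r"new\s+Blob\s*\(", r"new\s+File\s*\(", r"new\s+Uint8Array\s*\("]
DELIVERY = [r"URL\.createObjectURL\s*\(", r"navigator\.msSaveOrOpenBlob\s*\(", r"\bdownload\s*="]

# Attachment types the article advises not to open unless you know why they were sent.
RISKY_EXTENSIONS = (".js", ".htm", ".html")


@dataclass
class Verdict:
    filename: str
    risky_extension: bool = False
    decode_hits: list = field(default_factory=list)
    assembly_hits: list = field(default_factory=list)
    delivery_hits: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Legitimate pages use Blobs (e.g. exporting a CSV) and file downloads on
        # their own; it is the assemble-then-drop combination inside an e-mail
        # attachment that matches the smuggling chain, so require both groups.
        return bool(self.assembly_hits) and bool(self.delivery_hits)


def _hits(patterns, content):
    """Return the patterns from the list that occur in the attachment text."""
    return [p for p in patterns if re.search(p, content)]


def scan_attachment(filename: str, content: str) -> Verdict:
    """Inspect one e-mail attachment (filename plus its decoded text content)."""
    verdict = Verdict(filename=filename)
    verdict.risky_extension = filename.lower().endswith(RISKY_EXTENSIONS)
    verdict.decode_hits = _hits(DECODE, content)
    verdict.assembly_hits = _hits(ASSEMBLY, content)
    verdict.delivery_hits = _hits(DELIVERY, content)
    return verdict


def flag_attachments(attachments):
    """Names of attachments matching the smuggling chain, for quarantine or alerting."""
    return [name for name, body in attachments if scan_attachment(name, body).suspicious]


# Constructed sample: an ordinary HTML newsletter with a harmless script.
BENIGN_SAMPLE = """<html><body>
<h1>Monthly update</h1>
<p>Copyright <span id="year"></span></p>
<script>document.getElementById("year").textContent = new Date().getFullYear();</script>
</body></html>"""

# Constructed sample: the decode -> Blob -> object-URL -> download chain the
# article describes. The "payload" here is only the base64 of the text "hello".
SMUGGLED_SAMPLE = """<html><body>
<p>Loading your document...</p>
<script>
  var bytes = atob("aGVsbG8=");
  var blob = new Blob([bytes], {type: "application/octet-stream"});
  var link = document.createElement("a");
  link.href = URL.createObjectURL(blob);
  link.download = "invoice.txt";
  link.click();
</script>
</body></html>"""

if __name__ == "__main__":
    mailbox = [("newsletter.html", BENIGN_SAMPLE), ("invoice.html", SMUGGLED_SAMPLE)]
    for name, body in mailbox:
        v = scan_attachment(name, body)
        print(f"{name}: suspicious={v.suspicious} risky_ext={v.risky_extension} "
              f"decode={v.decode_hits} assembly={v.assembly_hits} delivery={v.delivery_hits}")
    print("flagged:", flag_attachments(mailbox))
```

The check deliberately does not fire on a risky extension alone, which is why the benign newsletter passes despite being an .html file; the extension flag is reported separately so a gateway policy can still quarantine .js/.htm/.html attachments outright if that is the chosen rule. Because the indicators are string matches, an attacker can rename or obfuscate the API calls, so this sort of check belongs alongside, not instead of, the user-level caution the article recommends.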