Wednesday, 17 September 2025

Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors

Email attachments have become a favored delivery vector for malware campaigns. In response, email attachment detectors are widely deployed to safeguard email security. However, an emerging threat arises when adversaries exploit parsing discrepancies between email detectors and clients to evade detection. Currently, uncovering these vulnerabilities still depends on manual, ad hoc methods. In this session, we perform the first systematic evaluation of email attachment detection against parsing ambiguity vulnerabilities. We propose a novel testing methodology, MIMEminer, to systematically discover evasion vulnerabilities in email systems. We evaluated our methodology against 16 content detectors of popular email services like Gmail and iCloud, and 7 popular email clients like Outlook and Thunderbird. In total, we discovered 19 new evasion methods affecting all tested email services and clients. We further analyzed these vulnerabilities and identified three primary categories of malware evasions. We have responsibly reported those identified vulnerabilities to the affected providers to help with the remediation of such vulnerabilities and received acknowledgments from Google Gmail, Apple iCloud, Coremail, Tencent, Amavis and Perl MIME-tools.

By:
Jiahe Zhang | PhD Student, Tsinghua University
Jianjun Chen | Associate Professor, Tsinghua University
Qi Wang | Ph.D. Student, Network and Information Security Lab (NISL), Tsinghua University
Hangyu Zhang | Ph.D. Student, Network and Information Security Lab (NISL), Tsinghua University
Shengqiang Li | Undergraduate Student, Tsinghua University
Chuhan Wang | Ph.D., Network and Information Security Lab (NISL), Tsinghua University
Jianwei Zhuge | Associate Researcher, Network and Information Security Lab (NISL), Tsinghua University
Haixin Duan | Professor, Network and Information Security Lab (NISL), Tsinghua University

Full Abstract and Presentation Materials: https://ift.tt/WGXNECx
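The abstract's core point is that a detector and a mail client may read the same MIME structure differently, so a message can look harmless to one and carry an attachment to the other. A defensive response is to refuse to trust any message whose structure admits more than one reading. The checker below is an added example written for this post; it is not MIMEminer or any code from the authors, and it uses only Python's standard `email` package. It flags the generic ambiguity classes a gateway can detect without guessing how any particular client resolves them: repeated singleton headers (Content-Type, Content-Transfer-Encoding, Content-Disposition), multipart parts without a boundary, unknown transfer encodings, parser-reported structural defects, and a Content-Type `name` that disagrees with the Content-Disposition `filename`. The two sample messages are constructed for the demonstration.

```python
import email
from email.utils import collapse_rfc2231_value

# Headers that must occur at most once per MIME part. A second copy forces
# every parser to pick a winner, and different parsers pick differently.
SINGLETON_HEADERS = ("Content-Type", "Content-Transfer-Encoding", "Content-Disposition")
KNOWN_ENCODINGS = {"7bit", "8bit", "binary", "quoted-printable", "base64"}


def _param(part, name, header="content-type"):
    """Return a header parameter as a plain string, or None if absent."""
    value = part.get_param(name, header=header)
    return None if value is None else collapse_rfc2231_value(value)


def find_mime_ambiguities(raw: bytes) -> list[str]:
    """Return a list of human-readable findings; empty means no ambiguity seen.

    The compat32 parser (email.message_from_bytes) is used on purpose: it keeps
    duplicate headers and records structural defects instead of repairing them.
    """
    msg = email.message_from_bytes(raw)
    findings = []
    for index, part in enumerate(msg.walk()):
        where = f"part {index}"

        # Structural defects the parser had to work around (missing boundary,
        # start boundary not found, ...). Another parser may "repair" them differently.
        for defect in part.defects:
            findings.append(f"{where}: parser defect {type(defect).__name__}")

        # Repeated singleton headers.
        for name in SINGLETON_HEADERS:
            values = part.get_all(name, [])
            if len(values) > 1:
                findings.append(f"{where}: duplicate header {name} ({len(values)} copies): {values}")

        # Multipart container that declares no boundary at all.
        ctype = part.get_content_type()
        if ctype.startswith("multipart/") and part.get_boundary() is None:
            findings.append(f"{where}: {ctype} declares no boundary")

        # Transfer encoding outside the RFC 2045 set; decoders disagree on what to do.
        cte = part.get("Content-Transfer-Encoding")
        if cte is not None and cte.strip().lower() not in KNOWN_ENCODINGS:
            findings.append(f"{where}: unknown Content-Transfer-Encoding {cte.strip()!r}")

        # Two sources of the attachment name that do not agree; clients differ on
        # which one decides the saved extension.
        ct_name = _param(part, "name")
        cd_filename = _param(part, "filename", header="content-disposition")
        if ct_name and cd_filename and ct_name != cd_filename:
            findings.append(f"{where}: filename mismatch: name={ct_name!r} filename={cd_filename!r}")
    return findings


# Constructed sample: a well-formed message with one attachment.
CLEAN = b"""\
From: sender@example.com
To: recipient@example.com
Subject: report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

See attached.
--b1
Content-Type: application/pdf; name="report.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="report.pdf"

SGVsbG8=
--b1--
"""

# Constructed sample: the attachment part carries two Content-Type headers and
# two different attachment names, so parsers can legitimately disagree about it.
AMBIGUOUS = b"""\
From: sender@example.com
To: recipient@example.com
Subject: report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

See attached.
--b1
Content-Type: text/plain; name="report.txt"
Content-Type: application/octet-stream; name="report.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="report.html"

SGVsbG8=
--b1--
"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("ambiguous", AMBIGUOUS)):
        print(label, find_mime_ambiguities(sample) or "no ambiguities")
```

A gateway would treat a non-empty result as a reason to quarantine or strip the attachment rather than to scan it as-is, because the scanner's own reading of the part is exactly what the ambiguity calls into question. The checks are deliberately parser-independent: they report that two readings exist, not which one a given client will choose.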

source https://www.youtube.com/watch?v=eZjP91Ly1r4
