Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More
Bad guys are getting quite creative trying to evade spam filters and antivirus scanners. Last week, we have observed an influx of spam campaign targeting a Japanese audience.
Translated to English:
Subject: Photo
We always appreciate your regards. (This is a business greeting in Japanese)
Thank you for sending photos.
The spam contains a small zip file attachment and inside it is a SVG file.
Scalable Vector Graphics or SVG is a vector graphic image file defined using XML-based format. These image files are natively supported and can be viewed from web browsers such as Internet Explorer, Chrome or Firefox. Like HTML, SVG images can be represented using the Document Object Model (DOM) and can be controlled using JavaScript. Yes, you heard that right, JavaScript and this is exactly how bad guys exploit this file format. By injecting malicious JavaScript code into the file, they can redirect the browser to a malicious website.
The image below shows the inspection of the SVG file and the malicious JavaScript embedded in it.
De-obfuscating the JavaScript reveals the code that redirects the browser to download an executable.
The link was already down at the time the spam was received, but according to the folks at myonlinesecurity.co.uk it was an Urnif Baniking Trojan executable.
You may want to consider adding *.svg files to the list of suspect filetypes at your email gateway, either for quarantining or flagging. The Trustwave Secure Email Gateway has been updated to block this type of malicious spam attachment.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.