Beware of malformed MIME artists

Content checking bypass ploy

The UK's top security co-ordination agency today warned of a series of vulnerabilities involving implementations of the Multipurpose Internet Mail Extensions (MIME) protocol within email and web security products. In a series of eight technical advisories the UK's National Infrastructure Security Co-ordination Centre (NISCC) explains how malformed MIME constructs might be exploited to allow attackers to bypass content checking and antivirus tools. MIME is a standard method for encoding email attachments, so the extent of the problem highlights a gaping security hole that virus writers might use to smuggle hostile code past security defences.

The issue was uncovered in tests by a UK-based security firm Corsaire. Corsaire developed a test suite for content checking systems on behalf of a client in the insurance industry last year. Tests at the client revealed a number of security problems. These findings prompted further research on the 10 most common content checking and AV gateway products that unearthed a large number of varied security loopholes.

Many different viruses use malformed MIME content - such as SirCam, Nimda, NetSky and BadTrans - so the vulnerability of many common AV products came as an unpleasant surprise to Corsaire. "We were surprised to find so many and taken aback to find manufacturers were not running the same tests as us. Many of the tests were quite elementary," said Martin O'Neal, technical director at Corsaire. Corsaire said it found between 30 and 130 vulnerabilities in each product. NISCC grouped these vulnerabilities together under eight categories for the sake of simplicity.
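The bypass described above is at root a parser differential: the security gateway and the recipient's mail client read the same malformed message differently, and whatever the gateway cannot see it cannot scan. The Python check below is an added example, not code from the NISCC advisories or from Corsaire's test suite, and it does not reproduce any of the eight advisory categories; it shows the defensive rule a content checker can apply instead, namely to quarantine any message whose MIME structure the parser had to repair rather than treating it as harmless. It relies on the standard library's `email` package, which records each repair as a defect on the message or part. The sample message, the boundary string, the `example.invalid` addresses and the filename are all constructed for this example.

```python
"""Fail-closed MIME structure check for a content-checking gateway.

Added example: it is not code from the NISCC advisories or from Corsaire's
test suite. It uses only the standard library's lenient email parser and
treats every repair the parser had to make as grounds for quarantine.
"""
import email
from email import policy


def mime_defects(raw: bytes) -> list:
    """Parse raw leniently (as a mail client would) and return the class
    names of every defect recorded on the message or on any of its parts."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Decoding each leaf payload makes the parser validate the declared
    # Content-Transfer-Encoding as well, so malformed base64 is recorded too.
    for part in msg.walk():
        if not part.is_multipart():
            part.get_payload(decode=True)
    return [type(d).__name__ for part in msg.walk() for d in part.defects]


def attachment_names(raw: bytes) -> list:
    """What a lenient client would still present as attachments, defects or not."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [part.get_filename() for part in msg.iter_attachments()]


def gateway_verdict(raw: bytes) -> str:
    """Fail closed: a message the parser had to repair is quarantined, never
    passed on the assumption that it carried nothing worth scanning."""
    return "quarantine" if mime_defects(raw) else "pass"


# Constructed sample: a well-formed two-part message with one attachment.
CLEAN = b"\r\n".join([
    b"From: sender@example.invalid",
    b"To: recipient@example.invalid",
    b"Subject: quarterly figures",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="xyz"',
    b"",
    b"--xyz",
    b"Content-Type: text/plain",
    b"",
    b"Figures attached.",
    b"--xyz",
    b'Content-Type: application/octet-stream; name="figures.bin"',
    b"Content-Transfer-Encoding: base64",
    b'Content-Disposition: attachment; filename="figures.bin"',
    b"",
    b"SGVsbG8=",
    b"--xyz--",
    b"",
])

# Constructed malformed variants of the same message.
NO_CLOSE = CLEAN.replace(b"--xyz--\r\n", b"")           # closing boundary missing
NO_BOUNDARY = CLEAN.replace(b'; boundary="xyz"', b"")  # multipart with no boundary parameter
BAD_B64 = CLEAN.replace(b"SGVsbG8=", b"SGVsbG8")        # base64 body with its padding removed

if __name__ == "__main__":
    for name, sample in [("clean", CLEAN), ("no-close", NO_CLOSE),
                         ("no-boundary", NO_BOUNDARY), ("bad-base64", BAD_B64)]:
        print(f"{name:12} {gateway_verdict(sample):10} defects={mime_defects(sample)}")
```

Running the block prints a verdict and the defect list for each sample. The instructive case is the message with the missing closing boundary: `attachment_names` shows that a lenient reader still extracts `figures.bin` from it, so a gateway that reacted to the parse problem by concluding there was nothing to scan would let the attachment through; quarantining on any defect closes that gap without the gateway having to anticipate each individual malformation.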

Corsaire worked throughout the last year in partnership with the UK NISCC team to ensure that the affected vendors have had access to the relevant information and tools to reproduce and correct the issues. A security alert issued by NISCC through the UNIRAS reporting scheme explains the security exposure of various vendors to the issue.

According to Corsaire, many of the security vendors have already silently released patched versions of their software over the last 12 months. Others are promising to address the issue in the next version of affected products (F-Secure, for example, promises to fix a limited vulnerability in its Secure Internet Gatekeeper software with release 6.41, scheduled for the beginning of Q4 2004). Apple, HP, MessageLabs and Mozilla state that their respective products are safe from exploitation. Other vendors are yet to make a public pronouncement on the issue. Corsaire advises anyone who is in doubt as to the status of the products used within their environment to contact their vendors. ®