Karlston posted a topic in Security & Privacy News

A Simple New Tool Lets You Open Email Attachments Without Fear

Dangerzone takes potentially malicious files and safely sanitizes them for you.

Opening email attachments from untrusted senders has long been one of the easiest ways to get hacked. But unlike other common security screwups—using "password" for your password, downloading pirated software from shady websites—there's no practical way for a modern human to avoid opening the occasional mystery-meat attachment. Now one technologist has produced a solution.

Micah Lee, the head of information security for First Look Media, plans to release an alpha version of a free tool called Dangerzone on GitHub a week from Sunday, timed to a talk about it at the Nullcon conference in Goa, India. Dangerzone is a simple quarantine program that allows anyone to sanitize untrusted documents, neutering any tracking beacons, malicious scripts, or other nastiness that those files might carry.

Lee says he decided to build Dangerzone after years of helping journalists like those at the Intercept, the investigative news site owned by First Look. Like all reporters, the Intercept's newsroom sometimes needs to open attachments sent by unknown sources that might contain anything from a megascoop to malware. After some testing, Lee plans to host Dangerzone on its own website, like his earlier software invention, the Tor-based file-sharing tool Onionshare.

"The problem with opening up attachments from untrustworthy sources is that they can be malicious and hack your computer," Lee says. "I wanted a way for people to make documents safe on their own, without having to send them to someone on the security team to neuter them. I wanted to make this easier for everybody to do."
Hackers frequently use malicious attachments to get a foothold inside a target network, from the Russians whose cyberattacks on Ukrainian power utilities began with tainted Microsoft Office docs to the Iranian spies recently targeting governments across the Middle East with booby-trapped emails. Even Tibetan Buddhist monks targeted by the Chinese government joke that they've learned to "detach from attachments" after years of attacks.

Dangerzone allows you to open sketchy documents—PDFs, Word docs, PowerPoints, and their LibreOffice and OpenOffice equivalents, as well as picture formats like .jpgs, .pngs and .gifs—in a sandboxed "container" on your machine, a part of the operating system that has no access to other parts of the computer or to the internet. To create that offline, quarantined aquarium, Dangerzone uses the popular, free container software Docker, which it also installs automatically when you first run the program.

After you open the suspect file in that sealed box, Dangerzone uses the open-source software LibreOffice to convert anything that's not already a PDF to a PDF format. It then uses the open-source software Poppler and ImageMagick to reduce that PDF further to red, green, and blue pixels. From those raw visual ingredients, it rebuilds the document in a second container, recreating a sanitized PDF with no hidden code, animations, or even web links. (Thanks to that pixel-rebuilding process, the software outputs a PDF regardless of the file format it takes in.) Dangerzone also uses the optical character recognition software Tesseract to convert letters and numbers in the PDF back to machine-readable text, letting you copy text from and search the file. Think of it like taking a piece of paper that someone has sneezed on and putting it in a Xerox machine. The copy that comes out is visually identical to the original, but carries none of the potential risk of infection.
Also like that Xerox copy, the documents that Dangerzone produces aren't exact replicas. When WIRED tested an early version of Dangerzone, it worked perfectly to create sanitized PDFs out of most PowerPoint, Word, and PDF files, though it took as much as a few minutes in some cases to convert them. But other document types came out more mangled: GIFs, as you might expect, turned into inanimate, multipage PDFs filled with some strange pixelated images on some pages. Excel spreadsheets turned into collections of numbers floating on white pages rather than a neat grid, and some PowerPoint slides were rotated 90 degrees for some reason. One PowerPoint with an embedded video resulted in a "Failed :(" message.

Despite those quirks and a few lingering bugs, Dangerzone represents a long-overdue attempt to help ordinary people open attachments without fear, says Harlo Holmes, the director of newsroom digital security at Freedom of the Press Foundation. Holmes points out that some technically sophisticated and paranoid users already use other tricks to neuter dangerous attachments, like opening them in virtual machines, or in the ephemeral operating system Tails, or by exploiting a feature of the operating system Qubes that can convert PDFs to "trusted PDFs." But Dangerzone, at least when it's out of its testing phase, will bring the same security to the overwhelming majority of people who don't run obscure operating systems or casually spin up VMs.

"This is going to equalize everyone's security when they open stuff on their computers day to day," Holmes says. "It simplifies everything and gives people a vast degree of security they wouldn't have had otherwise." Holmes warns that, like any security software, no one should put too much trust in an early test version of Dangerzone.
Lee himself concedes that an attacker could find vulnerabilities in LibreOffice—which Dangerzone uses to open documents—and also in Docker, which combined could let malicious code break out of the quarantine and run on a target computer. But Dangerzone nonetheless significantly raises the bar for attackers, and thanks to its simple design doesn't present any obvious ways to defeat its security.

"It still has quite a ways to go before anyone should blithely just run it and expect it to stand up to the most targeted and extreme cases," Holmes says. "But the simplicity of it goes a long way."

For the vast majority of people who have to open files sent to them by strangers on a regular basis, even an imperfect solution may be better than the alternative: double-clicking on that shady attachment and rolling the dice.

Source: A Simple New Tool Lets You Open Email Attachments Without Fear (Wired)
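As an added illustration of the rasterize-and-rebuild approach the article describes (this is not Dangerzone's own code, and it skips the tool's split across two Docker containers and its use of ImageMagick), the following script assumes libreoffice, pdftoppm from Poppler and tesseract are installed, and that it is itself run inside an offline container rather than on the host:

```shell
#!/bin/sh
# Added example in the spirit of Dangerzone's pipeline, not its own code.
# Assumes libreoffice, pdftoppm (Poppler) and tesseract are on PATH and that
# the script runs inside an offline container (e.g. `docker run --network none`),
# so the untrusted file is never opened on the host itself.
set -eu

# Input types the article lists. Returns 0 (true) when the name is allowed.
is_supported() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *.pdf|*.doc|*.docx|*.ppt|*.pptx|*.odt|*.odp|*.jpg|*.jpeg|*.png|*.gif)
            return 0 ;;
        *) return 1 ;;
    esac
}

# Step 1: anything that is not already a PDF goes through LibreOffice first.
to_pdf() {    # $1 = input file, $2 = work dir; prints the PDF path
    case "$1" in
        *.pdf|*.PDF) cp "$1" "$2/input.pdf" ;;
        *) libreoffice --headless --convert-to pdf --outdir "$2" "$1" >/dev/null
           mv "$2"/*.pdf "$2/input.pdf" ;;
    esac
    printf '%s\n' "$2/input.pdf"
}

# Step 2: flatten every page to a plain RGB bitmap. Scripts, links, forms,
# embedded files and fonts cannot survive this step; only pixels do.
rasterize() { # $1 = pdf, $2 = work dir; prints a list file of PNG pages
    pdftoppm -r 150 -png "$1" "$2/page"
    ls "$2"/page-*.png | sort > "$2/pages.txt"
    printf '%s\n' "$2/pages.txt"
}

# Step 3: build a fresh PDF from the bitmaps alone. Tesseract emits the images
# plus an OCR text layer, so the result is searchable but has no active content.
rebuild() {   # $1 = list file of PNGs, $2 = output path without .pdf
    tesseract "$1" "$2" pdf >/dev/null 2>&1
    printf '%s\n' "$2.pdf"
}

sanitize() {  # $1 = untrusted input, $2 = output .pdf; usage: sanitize in.docx safe.pdf
    is_supported "$1" || { echo "unsupported input: $1" >&2; return 1; }
    work=$(mktemp -d)
    pdf=$(to_pdf "$1" "$work")
    list=$(rasterize "$pdf" "$work")
    rebuild "$list" "${2%.pdf}" >/dev/null
    rm -rf "$work"
}
```

The output PDF is built only from page bitmaps and OCR text, which is why, as the article notes, animations, embedded video and spreadsheet grids do not survive the trip.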
Karlston posted a topic in Security & Privacy News

Gmail Is Catching More Malicious Attachments With Deep Learning

Users of Gmail get 300 billion attachments each week. To separate legitimate documents from harmful ones, Google turned to AI—and it's working.

Distributing malware by attaching tainted documents to emails is one of the oldest tricks in the book. It's not just a theoretical risk—real attackers use malicious documents to infect targets all the time. So on top of its anti-spam and anti-phishing efforts, Gmail expanded its malware detection capabilities at the end of last year to include more tailored document monitoring. Good news, it's working.

At the RSA security conference in San Francisco on Tuesday, Google's security and anti-abuse research lead Elie Bursztein will present findings on how the new deep-learning scanner for documents is faring against the 300 billion attachments it has to process each week. It's challenging to tell the difference between legitimate documents in all their infinite variations and those that have specifically been manipulated to conceal something dangerous. Google says that 63 percent of the malicious documents it blocks each day are different than the ones its systems flagged the day before. But this is exactly the type of pattern-recognition problem where deep learning can be helpful. Currently 56 percent of malware threats against Gmail users come from Microsoft Office documents, and 2 percent come from PDFs. In the months that it's been active, the new scanner has increased its daily malicious Office document detection by 10 percent.

"Ten percent matters," Bursztein told WIRED. "We're trying to close the gap as much as possible. We want to keep adding machine learning everywhere we can, where it makes sense. Machine learning does amazing things sometimes, but sometimes it's overhyped. We try to use it as an extra layer rather than the only layer. We think that works way better."
The document analyzer looks for common red flags, probes files if they have components that may have been purposefully obfuscated, and does other checks like examining macros—the tool in Microsoft Word documents that chains commands together in a series and is often used in attacks. The volume of malicious documents that attackers send out varies widely day to day. Bursztein says that since its deployment, the document scanner has been particularly good at flagging suspicious documents sent in bursts by malicious botnets or through other mass distribution methods. He was also surprised to discover how effective the scanner is at analyzing Microsoft Excel documents, a complicated file format that can be difficult to assess.

Though a 10 percent detection increase may not sound like a lot, it's a massive improvement at the scale Google is working on, and any gains are productive given that the threat of malicious documents is a real concern around the world. Bursztein says that companies and nonprofits are three times more likely to be targeted by malicious documents than other organizations, and that government entities are five times more likely. Some industries are more likely than others to be targeted, as well. Transportation and critical infrastructure utilities, for example, have a much higher risk than the education sector. The prevalence of malicious document attacks varies around the world, but for attackers the approach is always an option. Bursztein points out that kits for crafting malicious documents and tailoring them to evade antivirus scanners are readily available in online criminal forums, ranging in price from about $400 to $5,000.

While the scanner is catching more malicious documents than ever, Bursztein and his colleagues will continue to refine it in the hopes of blocking an even bigger chunk of the malware sent to Gmail accounts worldwide. "Malware is something we did after spam and phishing, because malware is a bit harder," he says.
"We don't have the malware itself in an email; the documents are all we have at that point. But we always want to improve our detection capabilities and with malicious documents we chose the one where we could make the most impact for our users."

When a full-blown hack is just a rogue Word document download away, users will take whatever extra protections they can get.

Source: Gmail Is Catching More Malicious Attachments With Deep Learning (Wired)