Entries by Rodolfo Saccani
The mysterious protocols: SPF, DKIM and DMARC explained
Email is an ancient thing, it was born much longer before the Internet. The first email system was born in 1965 at MIT. At that time email communication was limited within the boundaries of a single mainframe, those huge and very expensive and delicate multi-user computers that occupied entire air-conditioned rooms and required continuous supervision. […]
New wave of EXCEL 4.0 malware campaigns abusing FORMULA macro function
VBA has been introduced in Excel 5.0. Before then Excel only had XLM macros, which are still supported today. XLM macros allow writing code by entering statements directly into cells, just like normal formulas. In fact they are called macro-formulas. In case you are curious, the reference document of the Excel 4.0 macro functions is […]
Email trojan horse: application/html entity
We just discovered a new trick that is currently being used to slip malicious html files through email security solutions and, in some cases, through antivirus engines. The trick is quite simple: declaring an email entity as “application/html” instead of “text/html”. “application/html” is an invalid type and this allows it to slip through some checks. […]
10 very practical suggestions for choosing an email archiving solution
What makes a good archiving solution? Count 1 to 10: 1- No vendor lock-in Archiving email is a long term commitment, you need to think long term and make sure that you will be able, in 10 or 20 years from now, to autonomously, easily and reliably make use of your email archive. If […]
Phishing campaign uses Google reCAPTCHA to avoid Sandbox detection
Recent email phishing campaigns are using Google reCAPTCHA as part of their efforts to bypass click-time protection sandboxing, requiring user interaction before delivering the actual contents of the phishing page. We have seen two different instances of such campaigns, both are targeting Office 365 users in order to collect their credentials. Implementation details suggest that […]
What’s the difference between email backup and email archiving?
Lots of differences, actually. An email backup is a snapshot of a specific point in time, it’s purpose is for recovery in case of a disaster. Email archiving does not archive a series snapshots but it preserves all data history. The purpose of the archiver is much broader: discovery, compliance, legal, search, analysis and for […]
Ramnit apparently still spreading after 9 years
It might be a targeted attack, given that we detected it only in one organization, or it might just be an ancient infection still attempting to propagate. In both cases it is an interesting case. The attack is coming via email, which is interesting given that it is a vbscript attack. Here is how the […]
How your email credentials end up in the wrong hands and how they are monetized
Anything can be monetized online, especially the credentials of your email account. Here is how they are abused. Botnets are one of the main distribution channels for malware and phishing email. A botnet can be composed of hundreds of thousands of compromised devices (increasingly IoT devices) and the command-and-control (C&C) center coordinates the activity of […]
Tracking pixels can be used to compromise enterprise security
Tracking pixels, or beacons, are widely used in email advertising, but a more subtle and dangerous use is possible. Tracking pixels are basically very small images (usually invisible to the human) embedded in the email, whose content is loaded from a server when the email is opened. When your email client loads this image from […]
LIBRAESVA SRL
Piazza Cermenati, 11
23900 Lecco - ITALY
VAT ID: 03442930131
LIBRAESVA LIMITED
Spaces, 9 Greyfriars Rd
Reading RG1 1NU - United Kingdom
VAT ID: 274381685