Ropemaker Allows Attackers to Change the Content of an Email—After It's Delivered

Discussion in 'malware problems & news' started by itman, Aug 22, 2017.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,731
    Location:
    U.S.A.
    I was just reading a web posting yesterday how this activity occurred to a corp. user. Somehow malware had managed to change the bank account numbers in an outgoing e-mail and he had no clue how it happened. At least now, he has a clue.
    https://www.infosecurity-magazine.com/news/ropemaker-change-content-email/
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,558
    Interesting article, but doesn't give any info about how it would access the inbox
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,731
    Location:
    U.S.A.
    E-week has a few more details here: http://www.eweek.com/security/ropemaker-email-exploit-exposes-desktop-clients-to-security-risks along with the following mitigation I already use in my e-mail client:
    Also this tidbit:
    Mimecast has a whitepaper supposedly with all the details. Of course, you have to register for it.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,989
    Location:
    California
    Wow! The dangers of HTML email have been talked about since the 1990s...so nothing new here, except the CSS trickery.

    I suppose organizations have to use HTML email, I don't know... but home users can use a text-based email program.

    ----
    rich
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,989
    Location:
    California
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,731
    Location:
    U.S.A.
    And "that's the rub" since the majority of phishing attacks, especially spear phishing ones, are targeted toward them.

    For home users, the mitigation for this should be directed to ISP's and e-mail providers since they are already scanning all incoming e-mails to their servers.
     
    Last edited: Aug 23, 2017
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,731
    Location:
    U.S.A.
    Bleepingcomputer.com has a lot more detail on the attack here: https://www.bleepingcomputer.com/ne...-attackers-change-your-emails-after-delivery/

    Also this comment:
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.