On 9 Feb 2021, at 18:37, Kenneth Porter wrote:
<https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/>
I'm reminded of the recent post suggesting that SA parse QR codes to
feed URLs to block lists.
The email includes a web document pretending to be an Excel document
(double extension .xlsx.hTML) that contains a JavaScript Morse decoder
and a string with the URLs encoded in Morse.
I see two ways to block this: 1) MUAs should ignore code in HTML.
All minimally secure MUAs ignore any embedded JavaScript. Any MUA
written in this century that executes JavaScript should itself be deemed
malware.
2) A malware scanner like ClamAV should watch for this kind of stuff.
Sure, why not.
Not sure how this is SA-related.
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
