Antivirus software does quite well against opportunistic attacks sent out to a massive number of people in hopes of getting some small fraction to click on a link or open a file. But attacks targeting just a few people, or even a single person, are much harder to detect.
Security firm Symantec aims to tackle this problem, announcing last week it will add a new feature to its messaging security software that will create clean versions of any file sent to a company’s employees.
In addition to attempting to detect malicious files, the company’s email gateway software will clone any Microsoft Office or Adobe PDF file – two formats commonly used by attackers to deliver malicious code – creating a copy that has been cleansed of any potential scripts and malware. The approach, which the company calls Disarm, will sanitise the files, rather than attempt to detect whether they will do something bad, said Kevin Haley, director of Symantec’s security response group.
Targeted attacks, also known as advanced persistent threats (APTs), typically use email messages specifically crafted to persuade the target to click on the malicious link or open the attachment.
Because the messages appear to come from a recogniseable contact or colleague, targeted employees are more likely to fall for the fraud. Known as spearphishing, the technique has led to the compromise of many major companies, including security firm RSA, the New York Times, and numerous other companies, government agencies and nonprofit organisations.
Since attackers have access to the types of antivirus software used by their victims, they can tailor attacks to evade the defenses. Sanitising the files allows Symantec to make the files safe. To test the approach, Symantec processed every targeted attack that the company recovered in the past year and found that 98 percent were blocked by Disarm.
“These are attacks that were entirely unknown and would therefore have likely evaded all traditional scanners, heuristics, emulators and even Virtual Execution (VX) solutions,” Symantec said in a blog post about the new technology.
Sanitising files is not necessarily a new approach. A variety of scripts exist on the Internet to pull out personal information from documents, a simplified version of what Symantec has done. And companies have had the ability in the past to create a policy to block all scripts from running in Office documents.
Yet, the technique is promising as a way to prevent malicious software from running on corporate systems.
“It is a simple solution, but a very powerful one,” Haley said.
Are you a security pro? Try our quiz!
Originally published on eWeek.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…