Security News Phishers Use 'ZeroFont' Technique to Bypass Office 365 Protections

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,054
Cybercriminals have been leveraging a technique that involves manipulating font sizes in an effort to increase the chances of their phishing emails bypassing the protections implemented by Microsoft in Office 365.

According to cloud security company Avanan, one of the phishing protections in Office 365 involves natural language processing in order to identify text typically used in fraudulent or malicious emails.

For instance, researchers say the system flags emails mentioning “Apple” or “Microsoft” but not coming from legitimate domains, or messages referencing user accounts, password resets or financial requests.

In recent attacks spotted by Avanan, cybercriminals sent out phishing emails in which some of the content is set to be displayed with zero-size font using <span style="FONT-SIZE: 0px">. The security firm has dubbed this technique ZeroFont.

The email looks normal to the user, but Microsoft’s filters read the entire text, even if it’s displayed with a font size of “0”. The user sees this:


phishing_zerofont1.png


But Microsoft’s systems will analyze the following text, which includes strings that are invisible to the user due to the "FONT-SIZE: 0px" attribute:

phishing_zerofont2.png


“Microsoft can not identify this as a spoofing email because it cannot see the word ‘Microsoft’ in the un-emulated version. Essentially, the ZeroFont attack makes it possible to display one message to the anti-phishing filters and another to the end user,” Avanan’s Yoav Nathaniel said in a blog post.

Last month, Avanan reported that cybercriminals had been splitting malicious URLs in an effort to bypass the Safe Links security feature in Office 365.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top