Attacks to Soar With The Use of Complex Code and Web 2.0 Applications
A report on new trends of Web security for the fourth quarter of 2006 prepared by Finjan's Malicious Code Research Center (MCRC) forecasts security trends for 2007 and points out use of stupendously dynamic code.
The Web Security Trends Report elaborates on recent cases of advanced hacker attacks exploiting Web 2.0 technologies to plant malicious code in highly frequented websites. The vulnerability was also discussed in Finjan's report of the third quarter. The current report reviews the security threats of the passing year and the security trends outlook for 2007.
Researchers at Finjan's Center have highlighted that hackers increasingly practice in diverting users to malicious sites using various code-based executions and different parameter names. These tools infect computers with spyware and turn them into botnets.
Hackers' latest trend in obviating security vendors is the use of 'dynamic code obfuscation techniques', said Finjan's chief technology officer, Yuval Ben-Itzhak.
The Finjan report cites many examples of dynamic code obfuscation techniques that Finjan's MCRC has identified. These techniques create especially treacherous threats that mitigate the skill of security vendors to detect and overcome encrypted malware. Such strategies lead the visitor to a malicious site having a different kind of astonishing code using random functions, parameter name variations etc.
A traditional signature-based security solution alone cannot counter this threat. The solution must have as many as millions of signatures to find out the presence of the particular item of malicious code and to disable it.
Ben-Itzhak opines that the growth of this technique will be linked to Microsoft's operating system Vista in that Vista will act like a platform from where dynamic code obfuscation will trigger off and flourish. This shall be supported by the increased adoption of Vista as the chosen OS by computer users.
In addition to above issues the Finjan report delineates two latest incidents in which hackers infected unwary users through the popular Wikipedia encyclopedia and MySpace social networking site. They are real-time examples of applications of Web2.0 technologies to spread malicious attacks. The Finjan's Q3 report similarly discussed how malicious code is embedded in popular websites to victimize innocent users.
Related article: Attacks On IM And Chinese Malware On The Rise
» SPAMfighter News - 15-01-2007