Web-Attackers Have New Technique for Escaping Malware Identification, Says Google

Creators of malicious software are employing one particular method called IP cloaking so they can increasingly dupe anti-malware software into letting their wares infect the users' computers, reported computing.co.uk dated August 19, 2011.

Recently, security researchers Niels Provos and Lucas Ballard of Google team of security professionals said that year after year increasing malevolent websites had been observed performing IP cloaking. According to them, for evading the cloaking safeguard, scanners were run in various methods for imitating routine user traffic. Informationweek published this on August 19, 2011.

Incidentally, Provos and Ballard conducted an analysis of about 160m web-pages from about 8m websites.

Accordingly, they discovered that whereas plug-in along with Web-browser exploits continued to be common as well as social engineering tactics were trivially applicable, malware purveyors were adopting IP spoofing more and more thinking they would be able to evade detection.

In fact starting summer 2010, some 160K websites had been using cloaking domains that covered data accumulated over 5-yrs, Google's report reveals. The mentioned technique was used the maximum, 2-yrs back, when IP cloaking was applied to 200K or so websites compared to over 50K during the previous months of that year.

Furthermore, Google states that the peak use of the technique occurred when there was a massive assault wherein malware was used for infecting several thousand websites so they would divert visitors onto gumblar.cn that aggressively spoofed the company's scanners.

Meanwhile, similar to several security firms, Google keeps a watch over hijacked Internet sites. During 2008, the search giant found that those websites were no longer generating malevolent URLs for the monitoring systems it maintained; nevertheless, they continued to deliver malicious software to other people who visited the websites.

Moreover, Google's study further discovered that cyber-criminals were employing drive-by downloads and social engineering too. With social engineering they enticed end-users into taking down malware or click on a given web-link. Such an entice was ordinarily based on promises of anti-virus suites or plug-ins that not only continued to be common but also kept on increasing, with merely 2% of websites employing social engineering tricks when they disseminated malware, Google explained.

Related article: Web Browsers Too Have Security Exploits

» SPAMfighter News - 8/30/2011