Quantcast
Subscribe to magazine

Sneaky Hack Ducks Detection

Jeremy Kirk, IDG News Service

  • 0 Yes
  • 0 No

A new hacking method is causing concern for the lengths it goes to avoid detection by security software and researchers.

The attack involves a Web site that has been hacked to host malicious code, an increasingly common trap on the Internet. If a user visits one of the sites with an unpatched machine, it's possible that the computer can become automatically infected with code that can record keystrokes and steal financial data typed into forms.

The new method, which uses special JavaScript coding, ensures that malicious code is only served up once to a computer that visits the rigged site, said security vendor Finjan Inc.

"These attacks represent a quantum leap for hackers in terms of their technological sophistication," according to the report. "Equally important, this minimizes the exposure of the malicious code to forensic analysis or security research, as there is just one opportunity for a visitor to actually see the code."

After a user visits the malicious Web site, the hackers record the victim's IP (Internet protocol) address in a database. If the user goes to the site again, the malicious code will not be served, and a benign page will be served in its place, Finjan's report said.

It's also possible for hackers to block exposure of malicious code for users in a particular country. Also, the hackers can identify IP addresses of crawlers used by search engines and reputation services, which evaluate the risk in visiting certain Web sites, and serve them legitimate content.

These methods are used to avoid alerting security researchers. Hackers generally want their malware to be effective for as long as possible, but that window has increasingly been closed by faster reaction times from antivirus companies.

For example, a huge spam run with a Trojan horse program -- one that looks harmless but isn't -- is usually quickly detected by antivirus companies, which issue updates for their software to detect the malware.

However, the quantity of malicious code has moved security vendors to add other defenses to their software, such as the ability to detect when a new program is doing something suspicious, such as suddenly communicating with a remote server.

It wasn't immediately clear how many Web sites may be using this style of attack. However, Finjan said it's an example of how hackers are raising the bar to mask their attacks on computers and steal data, such as bank details.

"Large numbers of infected users means higher revenues for the attackers," Finjan said.

  • Recommend this story?
  • 0 Yes
    0 No

"Sneaky Hack Ducks Detection" Comments

Print 65% more pages than with refilled inks. Trust Original HP Inks. Hit Print Reliably.

Featured APC Accessories For Your System
10% Off Entire Cart at Online Store

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

People who read this also read:

  • 2007 Microsoft Office Suites Comparison This paper compares and contrasts four suites of the 2007 Microsoft Office system: Microsoft Office Standard 2007, Microsoft Office Professional Plus 2007, Microsoft Office Enterprise 2007 and Microsoft Office Ultimate 2007. This paper is intended to help organizations understand the applications and capabilities offered, and to identify the suite that best fits their needs.
  • Windows Vista Migration: The Business Proposition It's not so much a matter of "if" but "when" for most organizations regarding migration to Windows Vista. Laying the groundwork now for this migration can yield higher ROI than waiting until later. This Computerworld Technology Briefing explains it all.

PC World's Marketplace