Evasive web attacks bypass security systems

Evasive internet attacks, where malware evades internet security systems, are a growing threat.

Web security firm Finjan has published a report on the problem, which sees attacks designed to bypass signature-based and database-reliant security technology. 

Finjan said evasive attacks relied on various tactics. For instance, in order to minimise the malicious code’s window of exposure, website evasive attacks can keep track of actual IP addresses of visitors to a particular website or web page.

Using this information, the attackers restrict exposure to the malicious code to a single view from each unique IP address. This means that the second time a given IP address tries to access the malicious page, a benign page will be automatically displayed in its place.

All traces of the initial malicious page completely disappear. This tactic reduces the chance of the malware being detected by supplier security systems.

Another tactic is to pay owners of specific websites a fee for each user that is infected with malware that can be used to generate financial gain for the hackers.

Finjan also reports that an increasing number of legitimate websites are carrying advertising campaigns infected with malware.

Quite often, websites will automatically assume that the advertising they sold will be legitimate, but they forget or don’t care that the space sold could be sub-let, including to hackers.

Internet Explorer security learning guide >>

File infectors top malware charts >>

David Lacey’s security blog >>

Comment on this article: e-mail computer.weekly@rbi.co.uk