Evasive internet attacks, where malware evades internet
security systems, are a growing threat.
Web security firm Finjan has published a report on the problem,
in which attacks are designed to bypass signature-based and
database-reliant security technology.
Finjan said evasive attacks relied on various tactics. For
instance, in order to minimise the malicious code’s window of
exposure, evasive website attacks can keep track of the actual IP
addresses of visitors to a particular website or web page.
Using this information, the attackers restrict exposure to the
malicious code to a single view from each unique IP address. This
means that the second time a given IP address tries to access the
malicious page, a benign page will be automatically displayed in
its place.
All traces of the initial malicious page completely disappear.
This tactic reduces the chance of the malware being detected by
supplier security systems.
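
One way a defender could spot the serve-once-per-IP behaviour described above in proxy or crawler records, shown as an added example that is not from Finjan's report. The record layout, the sample rows and the function name serve_once_suspects are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records, in time order:
# (client IP, URL, short hash of the response body).
FETCHES = [
    ("198.51.100.7", "http://site.example/promo", "a1f3"),
    ("198.51.100.7", "http://site.example/promo", "77c0"),
    ("203.0.113.20", "http://site.example/promo", "b9e2"),
    ("203.0.113.20", "http://site.example/promo", "77c0"),
    ("203.0.113.20", "http://site.example/promo", "77c0"),
    ("198.51.100.7", "http://site.example/news", "5d10"),
    ("198.51.100.7", "http://site.example/news", "5d10"),
    ("203.0.113.20", "http://site.example/news", "5d10"),
]


def serve_once_suspects(fetches, min_ips=2):
    """Map each suspicious URL to the IPs that saw a one-off first response.

    A URL is suspicious when, for at least min_ips clients, the first
    response differs from all later ones and those later responses are
    one identical page for every flagged client.
    """
    per_url = defaultdict(lambda: defaultdict(list))
    for ip, url, digest in fetches:
        per_url[url][ip].append(digest)

    suspects = {}
    for url, by_ip in per_url.items():
        flagged, repeat_pages = [], set()
        for ip, digests in by_ip.items():
            if len(digests) < 2:
                continue  # no repeat visit, nothing to compare
            first, later = digests[0], set(digests[1:])
            # One-off first view followed by a single stable page.
            if first not in later and len(later) == 1:
                flagged.append(ip)
                repeat_pages |= later
        # Ordinary dynamic pages change on every fetch; requiring the
        # same stable repeat page across clients filters them out.
        if len(flagged) >= min_ips and len(repeat_pages) == 1:
            suspects[url] = sorted(flagged)
    return suspects


if __name__ == "__main__":
    print(serve_once_suspects(FETCHES))
```
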
Another tactic is to pay owners of specific websites a fee for
each user that is infected with malware that can be used to
generate financial gain for the hackers.
Finjan also reports that an increasing number of legitimate
websites are carrying advertising campaigns infected with malware.
Quite often, websites will automatically assume that the
advertising they sold will be legitimate, but they forget or don’t
care that the space sold could be sub-let, including to
hackers.