Hidden code threatens web users

News

Hidden code threatens web users

Warwick Ashford

Code hidden in legitimate websites is now the weapon of choice being used by cybercriminals to pass on malware to unsuspecting users, says security firm Finjan.

Researchers at Finjan's Malicious Code Research Centre have notified US media company CBS that one of its online pages has been compromised in this way.

"The injected script then dynamically injects an IFrame that pulls malware from a remote server locating in Russia," said Yuval Ben-Itzhak, Finjan's CTO.

Finjan has taken the criminal server offline, but the attack confirms that code hidden in legitimate websites poses a serious threat to internet users, he said.

According to Finjan, the use of obfuscated code or code written in such a way as to make it difficult to detect, is increasing.

Such code is effectively hidden in legitimate websites because the function of the code is not clear because of the way it is written and it by-passes traditional signature-based malware detection methods.

The attack on the CBS website highlights that no website can be totally secure against a system hack and consequent infection of visitors' PCs, said Ben-Itzhak.

Finjan said all businesses should install a secure web gateway to protect valuable data from being compromised by malware and conduct regular malware detection audits.

All users are advised to exercise caution when visiting Web 2.0 enabled sites such as social networking sites and not to rely on signature-based security software.

The best defence against this rapidly growing attack method is to use proactive, behaviour-based IT security technology that analyses every piece of content.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy