VANCOUVER, B.C.--Cybercrooks who rig Web sites to break into PCs are getting better at hiding their malicious code, a security expert said Wednesday.
Increasingly the actual code, often JavaScript, used to attack PCs is hidden in Flash animations or scrambled so that anyone who examines the source of a page can't easily identify it, said Jose Nazario, a senior software engineer at Arbor Networks, in a presentation at the CanSecWest security confab here.
"Their obfuscation tools are primitive but effective," Nazario said. "They use obfuscation to avoid simple signatures," he said, referring to security techniques based on signatures to detect malicious Web sites. Signatures are fingerprints of known attacks.
Web attacks have become commonplace. Tens of thousands of Web sites attempt to install malicious code, according to StopBadware.org. The sites, the bulk of which are compromised sites, often drop a Trojan horse or other pest onto a PC through a security hole in the Web browser.
Many attacks use JavaScript. Initially miscreants used plain JavaScript in their attacks, but that has changed, Nazario said. He has spotted an encoded script function called "makemelaugh" that downloads a Trojan horse that captures bank information and a Paris Hilton Flash animation that installs a tool that makes a PC part of a botnet.
Attackers also are trying to outsmart security pros by programming malicious sites to load their malicious code only once on the same PC, Nazario said. Furthermore, a new toolkit called NeoSploit identifies the browser and is packed with security exploits to launch the proper attack, he said.
There are things security professionals can do to investigate attacks, Nazario said. "Bad guys are limited by the fact that JavaScript has to be decoded to be used by the browser. As long as you can analyze it outside the browser, you can figure out what it is going to do," he said.
The scrambled code can be made legible since it typically uses simple Base64 encoding for obfuscation and not actual encryption, Nazario said. He suggested NJS, SpiderMonkey and Rhino as tools to investigate script code. Flash files can be analyzed using a program called Flasm, he said.
Malicious JavaScript can be embedded in a Web page and will typically run without warning when the page is viewed in any ordinary browser. Attackers could try to lure you to their own, rigged Web site. But an attack could also lurk on a trusted Web site by exploiting a common flaw known as cross-site scripting.
To shield against malicious JavaScript, Web surfers can disable JavaScript, but that can impact the functionality of many Web sites. An alternative is to use security tools that have blacklists of known bad sites such as McAfee's SiteAdvisor or Google's Toolbar for Firefox or Desktop software.
Another alternative is Exploit Prevention Labs' LinkScanner, which monitors traffic going into a PC and blocks known exploits.
I see the feature described on the Google Desktop site, however it is not described on the Google Toolbar (<a class="jive-link-external" href="http://toolbar.google.com" target="_newWindow">http://toolbar.google.com</a>). Where do you see such feature? Are you sure it is part of Google's Toolbar?
Chinese authorities have reportedly taken iPads from a third-party retailer, a move apparently brought on by Apple's continued refusal to honor a trademark for the iPad name owned by a Chinese manufacturer.
NY professor believes that a word-based algorithm can help bring together those who believe, with one glimpse, that they have found and lost the love of their lives.
After a higher-than-expected fourth quarter, the video subscription service unburdens itself of a pending yearlong class action suit and settles for $9 million.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
This week, we pass around Sony's new PlayStation Vita for some hands-on testing, check out HP's newest Beats Audio laptop, and debate the best and worst Valentine's Day gadget gifts.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
