R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com
Jargon Buster

ADVERTISEMENT

Hackers unleash 'insidious' crimeware attack

Trusted websites turned into traps

Robert Jaques, vnunet.com 14 Jan 2008
ADVERTISEMENT

Security experts have warned of a crimeware attack that threatens to turn highly trusted websites into "insidious traps" for unwary visitors.

Finjan's Malicious Code Research Center said that more than 10,000 websites in the US were infected by this malware in December alone.

The attack, which the firm has designated 'random js toolkit', is an " extremely elusive" Trojan that sends data from infected machines direct to the malware author.

Stolen data can include documents, passwords, surfing habits or any other sensitive information of interest to the criminal.

The JavaScript toolkit is created dynamically and changes every time it is accessed. This makes it almost impossible for traditional signature-based anti-malware products to detect.

Yuval Ben-Itzhak, chief technology officer at Finjan, explained that signature-based detection for dynamic script is ineffective.

"'Signaturing' the exploiting code itself is not effective, since these exploits change continually to stay ahead of current zero-day threats and available patches," he said.

"Keeping an up-to-date list of 'highly-trusted/doubtful' domains serves only as a limited defence against this attack vector."

Ben-Itzhak added that the 'random js toolkit' is an example of the recent trend among cyber-criminals to undermine 'trusted' websites.

"Studies in mid-2007 showed nearly 30,000 infected web pages being created every day," he said.

"About 80 per cent of pages hosting malicious software or containing drive-by downloads with damaging content were located on hacked legitimate sites. Today the situation is much worse."

The 'random js attack' is performed by dynamically embedding scripts into a webpage, providing a random filename that can be accessed only once.

This dynamic embedding is done in such a selective manner that when a user has received a page with the embedded malicious script once, it will not be referenced again on further requests.

This method prevents detection of the malware in later forensic analyses.

See also:

New Year resolutions for security managers
Time to push security up the IT agenda  14 Jan 2008
Cyber-crooks target chat platforms
Unique threats soar in 2007  14 Jan 2008
MySpace
MySpace page pushes fake Microsoft update
Dodgy profile hosting 'malware cocktail'  14 Jan 2008
Boeing 787 grounded over hacking fears
FAA concerned that passengers could hack flight systems  11 Jan 2008
Barclays chairman has identity stolen
Thief gets away with £10,000  11 Jan 2008
'Sick' new scam targets non-profits
Beware fake philanthropists  14 Jan 2008

All Hacking

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Database Operations Team Leader
Hertfordshire, United Kingdom | Tesco.com
Database Operations Team Leader - Hertfordshire Who's behind the world's most successful online retailer?Just over 10 years ago we started Tesco.com (aka Dotcom). Today, we've an incredible 750,000 active customers and sales at just under £1 ... more >
Become a Microsoft Certified Professional. Sign-up today to find out more.
United Kingdom | Advent Computer Training
Are you stuck in a dead end job? Do you want to take control of your salary, life and career? Advent IT and computer training offers advanced, professional training and helps you find the right ... more >
BUSINESS CONSULTANT – Smart Metering, Energy Efficiency and Energy Audit
Solihull, United Kingdom | Enzen Global Limited
Business Consultant - £35,000 - £40,000 - Solihull We are in need of a Business Consultant with strong analytical skills and a penchant for learning the domain knowledge of the Utilities sector (Gas industry in ... more >
PDS/PDMS Administrator
Berkshire, Reading, United Kingdom | Foster Wheeler
PDS/PDMS Administrator Foster Wheeler is a leading international project management, engineering and construction organisation with global construction capabilities working on major projects within upstream oil & gas, midstream & LNG, refining, petrochemicals & chemicals, pharmaceuticals ... more >
More job opportunities
Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Accessibility
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503