Hacking: Legitimate sites serving up stealthy attacks
January 22nd, 2008 Posted/Linked by Shanmuga
"Thousands of legitimate Web sites are hosting an infection kit that evades detection by attempting to compromise each visitor only once and using a different file name each time, Web security firm Finjan warned last Monday. The attack, dubbed the "Random JS toolkit" by the security firm, currently uses dozens of hosting servers and more than 10,000 legitimate domains to attempt to exploit the systems of visitors to the sites, the company said in an analysis posted to its Web site.
The compromised sites host the malicious code — foregoing the iframe redirect that has increasingly been used by attackers — and serves up the attack to each visitor only once using a random file name each time. The two techniques, along with more traditional code obfuscation, makes the attack difficult to find, said Yuval Ben-Itzhak, chief technology officer for Finjan. "This attack uses three different methods to go undetected by signature-based or URL-based defenses," Ben-Itzhak said. "If you realize that you’ve been infected, and you go and search sites, you will not be able to find the site that infected you."" - Content courtesy of Legitimate sites serving up stealthy attacks
If you enjoyed this post, make sure you subscribe to my RSS feed!
This entry was posted on Tuesday, January 22nd, 2008 at 10:51 am and is filed under Hacking. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
