
Criminally intent malware from China.

Finjan Software : 17 December, 2007  (Technical Article)
Finjan reveals the extent of malware coming from China that is difficult for signature-based anti-virus products to detect.
Finjan has announced important findings by its Malicious Code Research Centre (MCRC), which has identified increased malicious activity coming out of China recently. Finjan has examined the attacks and the mechanisms involved in executing them, and found an intricate network of connections between Chinese-based servers whose main purpose is to conduct criminal activity. Finjan has discovered that the entry points that initiate the attack on users "in the wild" exist all over the world, and all are eventually associated with servers that are registered as Chinese domains.

The attackers are spreading their attacks by placing the entry points for the attack on a variety of websites, located in different regions and categorized differently by URL categorization engines. The infection consists of either an IFRAME or a SCRIPT tag being placed on the website, which causes users visiting the site to be attacked. Examples of such entry point regions are shown in the Finjan December 2007 Malicious Page of the Month Report and were found on trusted websites in the USA, China, and Western Europe, including Government and Education sites. After the victim reaches an entry point, the attackers use dynamic code obfuscation methods to limit the ability of signature-based technologies to detect the attack, and the victim is redirected to a series of sites containing iframes that will eventually force the victim to visit a site that belongs to the Chinese network. In the first part of the actual malicious attack, the attackers use known, as well as new, exploits that will infect the victim with a Crimeware-Trojan. After the initial Trojan is loaded, it initiates the downloading of other Trojans from different locations. The victim's compromised computer will then be redirected to other sites in order to send statistical information about the infected PC. Finjan has discovered that different Trojans send encoded information to the same sites (located in China) that it identified as being unique to the attack.
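A site operator can audit served pages for the kind of entry point described above. The following is an added example, not code from Finjan or from the article: it lists IFRAME and SCRIPT tags whose `src` host is outside an allowlist. The host names, the allowlist and the hidden-frame heuristic are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class EntryPointAuditor(HTMLParser):
    """Record IFRAME/SCRIPT tags whose src host is not on the site's allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        attr = {k: (v or "") for k, v in attrs}
        host = (urlparse(attr.get("src", "").strip()).hostname or "").lower()
        if not host or host in self.allowed:
            return  # inline or relative (same site), or an expected host
        # Heuristic (assumption, not from the article): injected frames are
        # often made invisible with zero size or a hiding style.
        style = attr.get("style", "").replace(" ", "").lower()
        hidden = (attr.get("width") in ("0", "1") or attr.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.findings.append({"line": self.getpos()[0], "tag": tag,
                              "host": host, "hidden": hidden})


def audit_page(html, allowed_hosts):
    """Return the findings for one page of served HTML."""
    auditor = EntryPointAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page; every host name here is a placeholder.
SAMPLE_PAGE = """<html><body>
<script src="/js/site.js"></script>
<script src="https://static.example.gov/lib.js"></script>
<iframe src="http://stats.unknown.example/in.htm" width="0" height="0"></iframe>
<script src="//cdn.unknown.example/c.js"></script>
<script>var inline = 1;</script>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE, {"www.example.gov", "static.example.gov"}):
        print(finding)
```

A static audit like this only sees tags present in the served markup. Tags written at run time by obfuscated script do not appear in it, which is the gap the article's argument for real-time content inspection addresses.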

"Signature-based and database-driven technologies like Anti-virus and URL filtering are limited against the types of attacks we discovered, as the number of vectors and sophisticated structure of the network of websites can bypass traditional information security technologies," said Finjan CTO Yuval Ben-Itzhak. "Signature-based solutions are finding it hard to deal with the fact that most of the code is obfuscated and changed frequently. URL classification-based solutions will find it hard to block an attack that is triggered from legitimate sites, such as government or academic domains. The recommended methodology for handling these modern security threats is to inspect the actual content in real-time, regardless of its source, domain name, and the way it looks. To prevent these attacks, organizations should add real-time content inspection technology that blocks browsing to one of these infected sites after correctly identifying that they carry malicious code that attempts to exploit a vulnerability."