
Evasive attacks bypass many anti-virus programmes.

Finjan Software : 05 June, 2007  (Technical Article)
A new wave of malicious code has the potential to circumvent anti-virus signature files and evade detection, warns Finjan.
Finjan has released its Web Security Trends Report (Q2 2007) which focuses on a new genre of highly sophisticated and evasive attacks designed to potentially bypass signature-based and database-reliant security technology. The report also describes the proliferation of affiliation networks based on a 'hosted model' for malicious code, which utilize off-the-shelf malicious code packages to compromise highly popular websites and even government domains. Also following on from the trend revealed in Finjan's Q1 report, new examples show the growing presence of malicious code in online advertising on legitimate websites.

Recent findings by Finjan reveal that hackers have created a new class of highly evasive attacks. These attacks represent a quantum leap in terms of their technological sophistication, going far beyond drive-by downloads and code obfuscation. In order to minimize the malicious code's window of exposure, evasive attacks keep track of the actual IP addresses of visitors to a particular website or web page. Using this information, the attackers restrict exposure to the malicious code to a single view from each unique IP address. This means that the second time a given IP address tries to access the malicious page, a benign page will be automatically displayed in its place. All traces of the initial malicious page completely disappear. The report provides examples of evasive attacks, along with the actual code used by the hacker to run them.

'Evasive attack techniques where malicious code is controlled per IP address, country of origin or number of visits provide hackers with the ability to minimize the malicious code's exposure, thereby reducing the likelihood of detection. Moreover, evasive attacks can identify the IP addresses of crawlers used by URL filtering, reputation services and search engines, replying to these engines with legitimate content and increasing the chances of mistakenly being classified by them as a legitimate category,' said Yuval Ben-Itzhak, CTO, Finjan. 'The combination of these evasive attacks with code obfuscation techniques significantly enhances the capability of sophisticated hackers to go undetected.'
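
The single-view-per-IP behaviour described above leaves a trace in web gateway logs that record a digest of each response body: every address gets one page on its first request and the same, different page on every later request. The Python code below is an added example, not code from the Finjan report; the log format, the function name `find_single_view_urls` and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed gateway-log sample in time order: (client_ip, url, body_digest).
# Hosts, addresses and digests are invented for illustration.
SAMPLE_LOG = [
    ("10.0.0.5", "http://a.example/", "e3a1"),  # first view from this IP
    ("10.0.0.5", "http://a.example/", "77b0"),  # repeat view, different body
    ("10.0.0.9", "http://a.example/", "e3a1"),
    ("10.0.0.9", "http://a.example/", "77b0"),
    ("10.0.0.9", "http://a.example/", "77b0"),
    ("10.0.0.7", "http://a.example/", "e3a1"),  # single view, no evidence
    ("10.0.0.5", "http://b.example/", "c001"),  # static page
    ("10.0.0.5", "http://b.example/", "c001"),
    ("10.0.0.5", "http://c.example/", "d101"),  # body changes on every hit
    ("10.0.0.5", "http://c.example/", "d102"),
    ("10.0.0.9", "http://c.example/", "d103"),
    ("10.0.0.9", "http://c.example/", "d104"),
    ("10.0.0.5", "http://d.example/", "01d1"),  # ordinary content update
    ("10.0.0.5", "http://d.example/", "2ew1"),
    ("10.0.0.9", "http://d.example/", "01d1"),
    ("10.0.0.9", "http://d.example/", "2ew1"),
    ("10.0.0.7", "http://d.example/", "2ew1"),  # new visitor gets new page
]

def find_single_view_urls(log, min_ips=2):
    """Return {url: repeat_digest} for URLs whose body differs only on each IP's first view."""
    views = defaultdict(lambda: defaultdict(list))  # url -> ip -> digests in order
    for ip, url, digest in log:
        views[url][ip].append(digest)

    flagged = {}
    for url, per_ip in views.items():
        first_seen = {seq[0] for seq in per_ip.values()}
        repeat_pages = []  # stable repeat-view digest of each IP whose page changed
        for seq in per_ip.values():
            repeats = set(seq[1:])
            if len(repeats) == 1 and seq[0] not in repeats:
                repeat_pages.append(repeats.pop())
        # Signature: enough IPs changed, all to the same page, and no IP was
        # ever given that page on a first view (which rules out an ordinary
        # content update, where new visitors receive the new page at once).
        if (len(repeat_pages) >= min_ips and len(set(repeat_pages)) == 1
                and repeat_pages[0] not in first_seen):
            flagged[url] = repeat_pages[0]
    return flagged

if __name__ == "__main__":
    print(find_single_view_urls(SAMPLE_LOG))
```

Exact digests only match byte-stable pages, and clients behind a shared NAT address appear as one visitor, so a hit is a lead for re-fetching the URL from a fresh address rather than a verdict.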