Hackers becoming ever more secretive

gallery

Hackers are coming up with ever more secretive and complicated attacks in order to bypass traditional signature-based anti-malware applications, according to new research.

The latest Web Security Trends report from IT security company Finjan said that "affiliation networks" are growing in number and these are based on a "hosted model" for malicious code. These networks take pre-package malware to gain access to popular websites and even government domains.

Much like how websites run an affiliates program to reward other businesses for driving traffic to their sites, hackers are using the same business model to profit from malware infections.

Malicious code is hosted on a compromised server and hackers then use the code with their affiliate's reference in the code placed on various websites.

"The end result is that malicious code runs on the website, and the website owner is paid according to the number of infections to visitors on its website," said the report's authors.

The report found that criminal gangs are now keeping track of IP addresses of victims visiting target websites - exposing users to malicious code only once. This code vanishes the second time the user visits the website. Finjan said the hackers use these methods to hide malcode from web crawlers, URL filters and reputation engines.

The company said these attacks represent a "quantum leap for hackers in terms of their technological sophistication, and pose a serious challenge to the IT community."

"Evasive attack techniques, where malicious code is controlled per IP address, country of origin or number of visits, provide hackers with the ability to minimise the malicious code's exposure, thereby reducing the likelihood of detection," said Yuval Ben-Itzhak, chief technology officer at Finjan.

"The combination of these evasive attacks with code obfuscation techniques significantly enhances the capability of sophisticated hackers to go undetected."

Email to a friend

Print this page