According to the latest Malicious Page of the Month report from Finjan’s Malicious Code Research Center (MCRC), obfuscated code remains the top method used by criminals to hide their tracks. Obfuscated code is also gaining ground beyond Web content, appearing in rich-content files such as Flash and PDF.
According to Finjan’s report, code obfuscation remains the preferred technique for criminals to launch and hide their online attacks. In the latest research, Finjan published examples and details of obfuscated code located in Web pages, as well as other formats including PDF files and Flash-based content.
“Since JavaScript is the most-used scripting language for communication with web browsers, third-party applications such as Flash player, PDF readers and other multimedia applications have added support for JavaScript as part of their application,” said Yuval Ben-Itzhak, chief technology officer of Finjan.
“This offers [Malware] authors the opportunity to inject malicious code into rich-content files used by Ads and user-generated content on Web 2.0 websites,” he added.
Finjan says that online advertising and user-created content on Web 2.0 portals are gaining popularity among criminals as avenues of attack, using obfuscated code to direct end users to malware-laced content online.
Examples of this level of attack have been seen on social networking services such as MySpace and Facebook, as well as other portals. Other attacks have also taken place on Web 2.0-based message boards and image galleries.
In addition to examples of recent code, the Malicious Page of the Month looks at the history of obfuscated code.
The history starts in 2005, when obfuscation consisted of character-based encoding -- using any format a browser could interpret -- and code scrambling.
In 2006, code obfuscation became dynamic -- built around a predefined function that receives long sets of characters as input.
Then, in 2007, an AJAX-based 'private key' was used for de-obfuscating the code, enabling the code to be seen once, and in real time only.
The report is available now; if this line of security research is something that interests you, then feel free to check it out.