Hackers Step Up The Game
By:
Minu Sirsalewala
| Jan 08, 2007
Finjan, a provider of web security solutions for businesses and organizations, recently announced its findings on the latest web security trends as uncovered by its Malicious Code Research Center (MCRC).
In its Web Security Trends Report Finjan focuses on dynamic code obfuscation as a method to hide malicious code, a trend discovered by Finjan researchers that is growing in popularity among hackers as a means of bypassing traditional signature-based solutions in order to propagate malware.
Dynamic code obfuscation undermines the ability of security vendors to detect and counter encrypted malicious code. These strategies entail providing each visitor to a malicious site with a different instance of obfuscated malicious code, based on random functions, parameter name changes, etc.
To counter this threat, a conventional signature-based security solution theoretically would need millions of signatures to detect the existence of this particular piece of malicious code and to block it.
"Dynamic code obfuscation techniques are the latest salvo from hackers in the ongoing battle of wits between security vendors and their hacker opponents," said Yuval Ben-Itzhak, Finjan's CTO. "Over the years, each time a new type of attack appears in the wild, security companies scramble to create a solution. Then, as soon as the hackers become familiar with the newest defense, they devise a new method to circumvent it."
Currently, hackers have begun to take advantage of new web technologies to create complex and blended attacks. With their creation of dynamic obfuscation utilities, which enable virtually anyone to obfuscate code in an automated manner, they have dramatically escalated the threat to web security.
The report also describes recent specific incidents of sophisticated hacker attacks that take advantage of Web 2.0 technologies to embed malicious code in high-traffic web sites. An example of this kind of proliferation is when hackers used the popular Wikipedia encyclopedia and MySpace social networking site to infect innocent users.
2006 saw the arrival of a diverse range of web-based infection techniques – including rogue anti-spyware, ransomware, and rootkits -- that elude traditional security solutions geared to protect against e-mail viruses and spam. Looking forward to 2007, the Web Security Trends Report predicts that as Windows Vista and Internet Explorer 7.0 begin to achieve critical mass, this development will likely trigger a new wave of exploits from professional hackers who have had time to prepare in advance for this scenario.
In its Web Security Trends Report Finjan focuses on dynamic code obfuscation as a method to hide malicious code, a trend discovered by Finjan researchers that is growing in popularity among hackers as a means of bypassing traditional signature-based solutions in order to propagate malware.
Dynamic code obfuscation undermines the ability of security vendors to detect and counter encrypted malicious code. These strategies entail providing each visitor to a malicious site with a different instance of obfuscated malicious code, based on random functions, parameter name changes, etc.
To counter this threat, a conventional signature-based security solution theoretically would need millions of signatures to detect the existence of this particular piece of malicious code and to block it.
"Dynamic code obfuscation techniques are the latest salvo from hackers in the ongoing battle of wits between security vendors and their hacker opponents," said Yuval Ben-Itzhak, Finjan's CTO. "Over the years, each time a new type of attack appears in the wild, security companies scramble to create a solution. Then, as soon as the hackers become familiar with the newest defense, they devise a new method to circumvent it."
Currently, hackers have begun to take advantage of new web technologies to create complex and blended attacks. With their creation of dynamic obfuscation utilities, which enable virtually anyone to obfuscate code in an automated manner, they have dramatically escalated the threat to web security.
The report also describes recent specific incidents of sophisticated hacker attacks that take advantage of Web 2.0 technologies to embed malicious code in high-traffic web sites. An example of this kind of proliferation is when hackers used the popular Wikipedia encyclopedia and MySpace social networking site to infect innocent users.
2006 saw the arrival of a diverse range of web-based infection techniques – including rogue anti-spyware, ransomware, and rootkits -- that elude traditional security solutions geared to protect against e-mail viruses and spam. Looking forward to 2007, the Web Security Trends Report predicts that as Windows Vista and Internet Explorer 7.0 begin to achieve critical mass, this development will likely trigger a new wave of exploits from professional hackers who have had time to prepare in advance for this scenario.
| Ads by Google | ||
Post a Comment on “Hackers Step Up The Game”
There are no comments on this article yet. Why don't you post one?
LATEST NEWS
- IBM Cognos BI Software To Give Personalised Strategic Info
- DoT In Dilemma To Work Out 2G-3G Revenue Split
- Websense Delivers Data Loss Prevention Endpoint Software
- Economy Suggests Changes Afoot For SI Vendors
- BroadSoft, Microsoft Bring UC To Businesses Of All Sizes
- Harness The Power Of Your IP Connection
- Second Coming Of Best-Of-Breed Applications: Are You Ready?
- HP StorageWorks Achieves Milestone Through EVA Line
- Business Continuity Poll Shows Readiness Gap At 20 Percent Of Companies
- Vodafone Brings BlackBerry Storm To The Market
| Ads by Google | ||
RELATED
| Ads by Google | ||
Hot Searches & Keywords :
AMD
APAC
Acquisition
Asia Pacific
Asian Paints
BFSI
BI
BPO
BSNL
Bangalore
Bharti Airtel
Blackberry
Broadband
Business Objects
Business intelligence
CA
CIO
CRM
Cisco
Cisco Systems
Compliance
Data
Data Centre
Datacentre
Dell
EMC
ERP
Frost & Sullivan
Gartner
Google
Growth
HDFC Bank
HP
IBM
IDC
IPTV
IT
India
Innovation
Intel
Internet
Linux
Manish Choksi
McAfee
Microsoft
Mobile
Mobile Banking
Nasscom
NetApp
Network
Networking
Novell
Open Source
Oracle
PLM
Red Hat
Retail
SAP
SMB
SMBs
SME
SOA
SaaS
Security
Servers
Software
Storage
Sun Microsystems
Symantec
TCS
Unified Communications
VMware
Virtualisation
VoIP
Web
Web 2.0
Websense
WiMax
Wipro
e-governance
healthcare
outsourcing
partnership
telecom
|
|
||
| Ads by Google |
Sections
Applications |
Audits&surveys |
Bfsi |
Bookreviews |
Businessintelligence |
Businessprocesses |
Ciscosmenews |
Ciscowhitepapers |
Computing |
Contactcenters |
Contributedvideos |
Crm |
Ctoprofiles |
Datasecurity |
Databases |
Datacenters |
Education |
Energy |
Erp |
Focusspecials |
Government |
Guruspeak |
Hardwaresecurity |
Indialogue |
Innovation&leadership |
Innovators |
Intrusiondetection |
Intrusionprevention |
Ites |
Knowledgeprocess |
Lenovo |
Linux |
Managedservices |
Manufacturing |
Media |
Mobile |
Mobility |
Movement |
Networking |
Oncuewithitleaders |
Peoplemanagement |
Pharma |
Platforms |
Policies&compliance |
Recruitment |
Retail |
Saas |
Scm |
Securitymanagement |
Servers |
Services |
Softwaresecurity |
Softwareservices |
Specialreports |
Storage |
Storagesolution(apps) |
Techaction |
Telecom |
Telecommunications |
Theinsider |
Trendwatch |
Web |
Webisodescisco |
Weeklywrapup |
About Us | Copyright © 2006, Biztech2.com India - A Network18 Venture