Dynamic code obfuscation -- the latest method used by hackers to evade detection
The Finjan report provides several examples of dynamic code obfuscation techniques identified by Finjan’s MCRC as an especially insidious threat that undermines the ability of security vendors to detect and counter encrypted malicious code. These strategies entail providing each visitor to a malicious site with a different instance of obfuscated malicious code, based on random functions, parameter name changes, etc. To counter this threat, a conventional signature-based security solution theoretically would need millions of signatures to detect the existence of this particular piece of malicious code and to block it.
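The signature problem described above can be seen in a few lines of defender-side code. This is an added example, not taken from the Finjan report or any Finjan product: it compares an exact-content hash with a fingerprint computed after renaming identifiers to positional placeholders. The sample scripts are constructed and harmless, the function names are hypothetical, and the normalization only addresses the identifier-renaming case, not other forms of per-visitor variation.

```python
import hashlib
import re

# Constructed, harmless samples: the same script served twice with different
# randomly chosen identifier names, plus one structurally different script.
VARIANT_A = 'function qX7(a1, b2) { var t9 = a1 + b2; return t9 * 2; }\nqX7(1, 2);'
VARIANT_B = 'function mK3(zz, p0) {\n  var w = zz + p0;\n  return w * 2;\n}\nmK3(1, 2);'
OTHER = 'function f(a, b) { var t = a - b; return t; }\nf(1, 2);'

# Reserved words are structure, not attacker-chosen names, so they are kept.
JS_KEYWORDS = {"function", "var", "let", "const", "return", "if", "else",
               "for", "while", "new", "this", "typeof"}

# String literals, identifiers, numbers, then any other single character.
TOKEN_RE = re.compile(
    r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[A-Za-z_$][\w$]*|\d+(?:\.\d+)?|\S''')


def exact_signature(source):
    """Classic content signature: changes whenever any byte changes."""
    return hashlib.sha256(source.encode("utf-8")).hexdigest()


def normalized_tokens(source):
    """Tokenize and replace each identifier by idN in order of first use."""
    names = {}
    tokens = []
    for tok in TOKEN_RE.findall(source):
        if re.match(r"[A-Za-z_$]", tok) and tok not in JS_KEYWORDS:
            tok = names.setdefault(tok, "id%d" % len(names))
        tokens.append(tok)
    return tokens


def normalized_fingerprint(source):
    """Hash of the token stream with names and whitespace factored out."""
    joined = " ".join(normalized_tokens(source))
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for label, src in (("A", VARIANT_A), ("B", VARIANT_B), ("other", OTHER)):
        print(label, exact_signature(src)[:16], normalized_fingerprint(src)[:16])
```

The two variants get different exact signatures but the same normalized fingerprint, while the structurally different script does not match either.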
Q3 follow-up: hackers target Web 2.0 platforms and technologies
The Finjan report also details two recently publicized incidents in which hackers used the popular Wikipedia encyclopedia and MySpace social networking site to infect innocent users. These incidents provide real-world examples of the use of Web 2.0 technologies to propagate malicious attacks, a topic discussed in the earlier Q3 Finjan report which revealed how malicious code on highly popular sites can be used to infect innocent visitors to these sites.
Dynamic nature of the Web complicates security going into 2007
The Finjan report concludes with a review of Web security trends that emerged in 2006, and forecasts new developments in 2007. 2006 saw the arrival of a diverse range of web-based infection techniques -- including rogue anti-spyware, ransomware, and rootkits -- that elude traditional security solutions geared to protect against email viruses and spam. Another development in 2006 was the commercialization of malicious code, as financial motivations played an increasing role in the evolution of malware. Motivated by financial gain, hackers are trading vulnerabilities in online auctions, commercializing products such as malicious website creation toolkits, and developing new distribution techniques, including spam, for the propagation of malicious code.
Looking forward to 2007, the Web Security Trends Report predicts that as Windows Vista and Internet Explorer 7.0 begin to achieve critical mass, this development will likely trigger a new wave of exploits from professional hackers who have had time to prepare in advance for this scenario.