Obfuscated combined attacks bypass anti-virus and prove successful in the first half of 2010

News by Dan Raywood

Cyber criminals are bypassing traditional anti-virus detection by obfuscating their combined attacks.


According to the bi-annual security labs report from M86 Security, combined attacks leverage Adobe's ActionScript and JavaScript languages to thwart most of the new, proactive detection mechanisms.

It claimed that this threat trend is the latest to emerge, as existing techniques for covering their tracks are becoming less effective for cyber criminals. The combined attacks split the malicious code between the Adobe ActionScript language - built into Adobe Flash - and JavaScript components on the web page.

Ed Rowley, product manager of M86 Security, said that this technique lays the code in the web page so that it is hard to detect. Asked how it was being detected, Rowley said: “Windows that host malware are used and are programmed to host the code. So a user goes to the site and can be infected, but it is hard to detect as the code can change between page visits.

“Using a behavioural analysis technique can pick up this, and traditional anti-virus does not pick it up. When downloading it might be two parts to execute, with half in the JavaScript and half in the website. We are definitely seeing a lot of this and finding it to be very successful.”

With regard to spam, SC Magazine reported earlier this month on a rise in Canadian pharmacy-related messages. M86 Security detected that the Canadian pharmacy remains the most popular because it is the most lucrative and accounted for 67 per cent of all pharmacy spam, generally relating to 80.7 per cent of spam.

Asked what could be done to help quell the spread of success of such spam, Rowley said: “It is about education and there is no excuse when most anti-virus vendors stop 99 per cent of spam. So for the rest it is education but people are still being caught out by phishing.”

