Written on June 18, 2007
On June 4-6, Yuval Ben-Itzhak, CTO of Finjan Digital Technology, presented evidence for a new form of hosted attack at the Gartner Group Summit held in Washington DC.
One form of this attack is to break into a legitimate website and insert an invisible frame (an iframe) that sources an HTML page uploaded by the hacker. Instead of defacing the website, the hostile code now sits invisibly on the legitimate server and is loaded by every visitor.
Another form of this attack is to distribute the code through 3rd party advertising networks. People who run websites and blogs subscribe to 3rd party ad feeds to generate revenue. An ad that has been manipulated to carry the same malicious code can be downloaded and displayed on the website without the knowledge of the owner.
The injected code captures the IP addresses of visitors to these websites and reports them to the hacker, who accumulates them. The hacker then uses the captured IP addresses to mask their own malicious web pages. This means that anti-malware solutions which detect malicious websites by relying on databases of known-bad IP addresses never see the hostile content, so the bad website isn’t recognized or detected and is free to infect visiting users.
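To make the evasion concrete, here is a small model of the mechanism described above. It is an added example written for this page, not Finjan’s code or anything from the report. The once-per-IP rule is an assumption about how the captured addresses are used: the hostile page records every IP that requests it, serves the payload only to an IP it has never seen, and returns a harmless page to every repeat request. Hosts, IPs (from the documentation ranges) and page bodies are constructed for the demonstration.

```python
"""Model of IP-keyed evasion: payload served once per IP, benign page afterwards.

Added example (assumed mechanism), not code from the original post or from Finjan.
"""

BENIGN_PAGE = "<html><body><p>Holiday offers</p></body></html>"
# Inert stand-in for the hostile content; no real payload is reproduced here.
PAYLOAD_PAGE = "<html><body><!-- obfuscated dropper would be here --></body></html>"


class EvasiveHost:
    """The attacker's server: decides per visitor IP whether to expose the payload."""

    def __init__(self):
        self.seen = set()          # every IP that has ever requested the page
        self.served_payload = []   # audit trail of who actually received it

    def serve(self, ip):
        if ip in self.seen:
            # Repeat visitor, or an analyst re-checking the URL: show nothing hostile.
            return BENIGN_PAGE
        self.seen.add(ip)
        self.served_payload.append(ip)
        return PAYLOAD_PAGE


def looks_malicious(page):
    """Stand-in for a signature or database check run on fetched content."""
    return "dropper" in page


def reputation_check(host, analyst_ip, fetches=2):
    """A verifier that fetches the same URL twice from one IP before listing it.

    Returns True only if every fetch looked malicious, i.e. the finding was confirmed.
    """
    verdicts = [looks_malicious(host.serve(analyst_ip)) for _ in range(fetches)]
    return all(verdicts)


def simulate():
    """Run one victim visit and one two-fetch verification against the host."""
    host = EvasiveHost()
    victim_ip = "198.51.100.23"   # constructed victim address (TEST-NET-2)
    analyst_ip = "192.0.2.10"     # constructed security-vendor address (TEST-NET-1)

    victim_got_payload = looks_malicious(host.serve(victim_ip))
    listed = reputation_check(host, analyst_ip)
    return victim_got_payload, listed, sorted(host.served_payload)


if __name__ == "__main__":
    infected, listed, recipients = simulate()
    print("victim infected:", infected)
    print("URL listed as bad after verification:", listed)
    print("IPs that ever saw the payload:", recipients)
```

The victim is infected on the first visit, but the verifier’s confirmation fetch sees only the benign page, so the URL is never added to the database. The same logic defeats a user who reports the page and an analyst who tries to reproduce the report: by the time anyone looks twice, the content has changed. Any defense that needs a second look at the same content from the same address is blind to it.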
“The reality is that commercially-driven hackers are using new sophisticated methods, such as dynamic code obfuscation and evasive attacks, to bypass traditional signature-based and database reliant solutions, which were not designed to detect dynamic web scenarios,” said Ben-Itzhak.
“The combination of evasive attacks with code obfuscation techniques significantly enhances the capability of sophisticated hackers to go undetected.”
There is no successful defense yet other than periodically reviewing your website for compromise. Ben-Itzhak’s group tried to track down the offending 3rd party advertising network distributing the malicious advertising but was unsuccessful in finding it.
The emergence of this kind of attack suggests that the modern-day hacker is a more clever hacker, one more interested in obscurity and economies of scale than in defacing a website once they get the opportunity.
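Since periodic review is the only defense the post offers, here is what such a review can look like for the first form of the attack, an injected invisible frame. This is an added example, not code from the original post or from Finjan. It uses only the standard library and scans constructed HTML samples embedded below; the `ALLOWED_HOSTS` set is an assumption you would replace with the hosts your own site legitimately loads frames and scripts from. Point `scan_html` at your real pages (files from the server, or a fresh fetch compared against a known-good backup) for an actual review.

```python
"""Scan HTML for invisible or foreign frames and scripts (added example, not from the post)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this site legitimately embeds content from (assumption: edit for your own site).
ALLOWED_HOSTS = {"www.example.com", "example.com"}

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
OFFSCREEN_STYLE = re.compile(r"(left|top)\s*:\s*-\d{3,}", re.I)   # e.g. left:-9999px


def _is_tiny(value):
    """True if a width/height attribute resolves to 0 or 1 pixels."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", str(value))
    return m is not None and int(m.group(1)) <= 1


class HiddenFrameFinder(HTMLParser):
    """Collects frames/scripts/objects that are hidden, zero-sized or point off-site."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "frame", "script", "object", "embed"):
            return
        a = dict(attrs)
        src = a.get("src") or a.get("data") or ""
        host = urlparse(src).hostname      # None for relative or inline sources
        reasons = []
        if host and host not in ALLOWED_HOSTS:
            reasons.append("external source " + host)
        style = a.get("style", "")
        if HIDDEN_STYLE.search(style) or OFFSCREEN_STYLE.search(style):
            reasons.append("hidden by CSS")
        if tag in ("iframe", "frame") and (_is_tiny(a.get("width")) or _is_tiny(a.get("height"))):
            reasons.append("zero-size frame")
        if reasons:
            self.findings.append({"tag": tag, "src": src, "reasons": reasons})


def scan_html(html):
    """Return a list of suspicious elements found in the given HTML text."""
    parser = HiddenFrameFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed samples: a clean page and the same page with an injected invisible frame.
CLEAN_PAGE = (
    '<html><body><h1>Shop</h1>'
    '<script src="https://www.example.com/site.js"></script>'
    '<iframe src="/help.html" width="400" height="300"></iframe>'
    '</body></html>'
)
INJECTED_PAGE = (
    '<html><body><h1>Shop</h1>'
    '<script src="https://www.example.com/site.js"></script>'
    '<iframe src="http://203.0.113.7/x.html" width="0" height="0" '
    'style="visibility:hidden"></iframe>'
    '</body></html>'
)


if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        for f in scan_html(page):
            print(name, f["tag"], f["src"], "; ".join(f["reasons"]))
```

Run it against every page on a schedule and diff the output against the previous run; a new finding that you did not put there is the signal. It will not catch the second form of the attack (a poisoned ad), because that content never lives on your server, which is exactly why the post has no better answer for it than watching your own pages.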