Jump to content

Online Keystroke Attack Proves Tough To Find


Xaggeration

Recommended Posts

A new method of attack is baffling security software and researchers with the lengths it goes to avoid detection.

 

The stealth attack involves websites that have been hacked to host malicious code, an increasingly common trap on the internet. If a user with an unpatched PC visits such a site, the computer can become automatically infected with code. The attack code can then record keystrokes and steal financial data typed into forms.

 

The method uses special JavaScript coding, and ensures that malicious code is served up only once to a computer, according to security vendor Finjan.

 

"These attacks represent a quantum leap for hackers in terms of their technological sophistication," states the report.

 

"Equally important, this minimises the exposure of the malicious code to forensic analysis or security research, as there is just one opportunity for a visitor to actually see the code."

 

After a user visits the malicious website, the hackers record the victim's IP (Internet protocol) address in a database. If the user goes to the site again, the malicious code will not be served, and a benign page will be served in its place, Finjan's report said.

 

It's also possible for hackers to block exposure of malicious code for users in a particular country. And the hackers can identify IP addresses of crawlers used by search engines and reputation services, which evaluate the risk in visiting certain websites, and serve them legitimate content.

 

These methods are used to avoid alerting security researchers. Hackers generally want their malware to be effective for as long as possible, but that window has increasingly been closed by faster reaction times from antivirus companies.

 

For example, a huge spam run with a Trojan horse program - one that looks harmless but isn't - is usually quickly detected by antivirus companies, which issue updates for their software to detect the malware.

 

However, the quantity of malicious code has moved security vendors to add other defenses to their software, such as the ability to detect when a new program is doing something suspicious, such as suddenly communicating with a remote server.

 

It wasn't immediately clear how many websites may be using this style of attack. However, Finjan said it's an example of how hackers are raising the bar to mask their attacks on computers and steal data, such as bank details.

 

"Large numbers of infected users means higher revenues for the attackers," Finjan said.

 

~~PC Advisor

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...