It is now more difficult to identify malicious Web sites and attacks as antivirus software is proving to be an ineffective defense against new threats, according to a Google study.
The researchers analyzed four years' worth of data from 8 million Web sites and 160 million Web pages using Google's Safe Browsing service, which feeds the data into Google's Chrome browser, warning users when they land on a site loaded with malware.
Recently, attackers have been using a variety of evasion techniques designed to stop their sites from being flagged as malicious, which makes the detection process much more difficult. One of the ways hackers get around virtual machine-based detection is to require the victim to perform a mouse click, which triggers the site to automatically execute an attack. Browser emulators can malfunction when the malicious code is scrambled.
New, more complex JavaScript code is designed to stop emulated browsers and make manual analysis of the code more difficult, according to the Google engineers. Google has also come across IP cloaking, in which a malicious Web site refuses to serve harmful content to specific IP ranges, especially those used by security researchers. In August 2009, Google found that about 200,000 sites were using IP cloaking.
From IDG News
Abstracts Copyright © 2011 Information Inc., Bethesda, Maryland, USA