Hackers are using more sophisticated means to hide malicious code and targeting web 2.0 technologies, said web security vendor, Finjan.
The UK-based security company revealed its findings on web-based malware activity during the fourth quarter of 2006 as discovered by its Malicious Code Research Center (MCRC).
The report focuses on dynamic code obfuscation as a method to hide malicious code, a trend discovered by Finjan researchers that is growing in popularity among hackers as a means of bypassing traditional signature-based solutions in order to propagate malware.
It also describes recent specific incidents of sophisticated hacker attacks that take advantage of web 2.0 technologies to embed malicious code in high-traffic websites.
Finjan said, alongside examples in the report, that dynamic code obfuscation techniques were an especially insidious threat that undermines the ability of security vendors to detect and counter encrypted malicious code.
It said this entails providing each visitor to a malicious site with a different instance of obfuscated malicious code, based on random functions, parameter name changes and so on. To counter the threat, a conventional signature-based security solution would theoretically need millions of signatures to detect the existence of this particular piece of malicious code and to block it.
“This type of attack vector can easily bypass signature-based solutions like anti-virus and URL Filtering, which were not built to detect these types of dynamic web scenarios,” said Yuval Ben-Itzhak, Finjan’s chief technology officer.