Script Fragmentation Attack Could Allow Hackers to Dodge Anti-virus Detection
Stephan Chenette of Websense describes a new Internet attack vector that could allow hackers to bypass anti-virus protection at both the gateway and the desktop. The technique, called script fragmentation, involves breaking down malware into smaller pieces in order to beat malware analysis engines. Web 2.0 requires new ways of thinking about browser security.
Security researcher Stephan Chenette opened up to eWEEK about a new Web attack vector that could potentially render desktop and gateway anti-virus products useless.
Chenette, manager of security research at Websense, calls the attack script fragmentation. Similar to TCP fragmentation attacks, it involves breaking down Web exploits into smaller pieces and distributing them in a synchronous manner to evade anti-malware signature detection.
"What this attack enables you to do is really get exploit code from the server into the browser memory and trigger the exploit," Chenette said. "Once you actually are able to trigger that exploit, you own that machine, so that means you can disable anti-virus, you can disable any protection mechanism after the fact."
More:
http://www.eweek.com/c/a/Security/Script-Fragmentation-Attack-Could-Allow-Hackers-to-Dodge-AntiVirus-Detection/
............................................................................................
Site Admin / Security Administrator
Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
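The article compares script fragmentation to TCP fragmentation, where a signature is missed because no single piece contains it. The following is an added example, not code from the article or from Websense: a constructed Python sketch of a scanner that matches each fragment alone next to one that carries bytes over between fragments of the same session. The marker string, session names, and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed placeholder pattern; not a real malware signature.
SIGNATURE = b"BENIGN-TEST-MARKER-0001"

def split(payload, size):
    """Cut a payload into fixed-size pieces, as separate responses would carry it."""
    return [payload[i:i + size] for i in range(0, len(payload), size)]

def scan_per_fragment(fragments, signature=SIGNATURE):
    """Stateless check: every fragment is matched on its own."""
    return any(signature in frag for frag in fragments)

class StreamScanner:
    """Stateful check: carries the last len(signature)-1 bytes of each session
    forward, so a signature that straddles fragment boundaries still matches."""

    def __init__(self, signature=SIGNATURE):
        self.signature = signature
        self.tail = defaultdict(bytes)  # session id -> carried-over bytes

    def feed(self, session, fragment):
        window = self.tail[session] + fragment
        hit = self.signature in window
        keep = len(self.signature) - 1
        self.tail[session] = window[-keep:] if keep else b""
        return hit

def scan_reassembled(fragments, session="client-1"):
    """Feed every fragment of one session in order; True if any window matched."""
    scanner = StreamScanner()
    return any([scanner.feed(session, frag) for frag in fragments])

# Constructed sample: a harmless script body containing the placeholder marker.
SAMPLE = b"<script>var x='BENIGN-TEST-MARKER-0001';</script>"
FRAGMENTS = split(SAMPLE, 5)

if __name__ == "__main__":
    print("per-fragment match:", scan_per_fragment(FRAGMENTS))
    print("reassembled match: ", scan_reassembled(FRAGMENTS))
```

The stateful scanner assumes fragments of a session arrive in order and as plain bytes. Content that only takes its final form inside browser memory, as Chenette describes, has to be inspected at the point where it is assembled or executed.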