February 10, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Peter Schooff
Peter Twenty-Four Seven Security
 Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

« Microsoft Speeds Out Security Fix | Main | Podcast: Spam on the Front Lines - Talking With Message Partners About Service Providers and Spam »

April 04, 2007
JavaScript Becoming a Favorite Hacking Tool

An article in Dark Reader details how Javascript has become one of the favorite tools of cybercriminals to both attack a computer and disguise the attack. While, to the naked eye, this form of attack is often hard to distinguish, every Java-Script encoded payload also has to also carry the tools to decode the disguised malware.

"They use JavaScript to obscure what's going on. It looks almost encrypted, so researchers look at it and say they can't make heads or tails of it," Jose Nazario, senior software and security engineer for Arbor Networks, says. But adds: "The decoder ships along with it so the browser can decode [the JavaScript] and run. So we simply run the decoder."

And once the malware is decoded, the malware often reveals characteristics of the attacker as well as pinpoint its different distribution points and close them down. The malware also will reveal what information the attacker was after and what they plan to do with it. Explains Nazario, "We can find out if there's spyware, where is the information going? If they are taking information stolen from a computer and emailing to an account at Gmail, we contact the security [people] there and tell them here are the mailboxes used to receive information from spyware-infected boxes," he explains.

This is part of the trend of cybercriminals focusing on clients and web browsers. And being able to essentially reverse engineer malware allows them to profile the criminals. And while most malware is just copied by the attacker with little change, that’s not always the case: "We see a very small number of people who write their own private exploit code. You know then that you've got an adversary who studies the technology, is highly motivated, and making a bunch of money off of this."

While the ability to reverse-engineer malware is a good way to fight back, if it becomes too prevalent, expect the cybercriminals to adapt to it. As you may have already predicted, Nazario say they have already seen a few anti-reverse engineering techniques.

To read more go to: Dark Reader

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1647

Comments Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
Subscribe
News Feed
Recent Posts
Categories
Archives
Blog Roll
Blogosphere
This Work
Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
Your E-mail Address:
BAM: The Killer App for CEP
Date: Feb 12, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Event Processing Market Pulse
Date: Feb 14, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map