Hackers hiding malware in JavaScript
Wednesday, October 8, 2008
Hackers are using JavaScript to hide malicious code from web and email security filters, HP's Billy Hoffman has claimed.
Talking to Search Security, he explained that while hackers used to launch network security attacks using fairly straightforward delivery messages, they are now hiding malware within JavaScript apps that purposively obfuscates the code in order to allow it to slip through web and email filters.
"Not only is JavaScript being used to hide traditional nastiness, over the last two or three years we've seen JavaScript itself can do very nasty things," he told the online journal.
One of the popular attacks uses JavaScript apps to capture keystrokes.
He added that using the coding platform is particularly lucrative because it can target Windows, Linux and Mac users.
Elsewhere, Dark Reading has recently reported that a new JavaScript tool called Middler can allow hackers to bypass web security authentication on certain banking, email and social networking sites, even though login is conducted using encryption protocols.
Related News:
Gmail security concerns provoke moves toward strict measures - 1.18.2010
After an attack by Chinese cyber criminals penetrated the network security and email systems of U.S. corporations and Chinese human rights activists living abroad, Gmail was quick to announce that it would bolster its security by making HTTPS access the default method.
Security flaw in IE used to target U.S. firms in cyber attack - 1.15.2010
Microsoft announced yesterday that the cyber criminals who launched a large-scale assault on network security at multiple American firms did so via a vulnerability in the company's Internet Explorer browser software.
Cyber attacks prompt probable Google withdrawal from China - 1.14.2010
An attempt to crack the email security protecting the accounts of several human rights activists in China and elsewhere has caused search giant Google to end its cooperative relationship with the Chinese government, and, experts say, probably cease operations in China altogether.
Spam sticks around because it works: Report - 12.29.2009
Although anti-spam utilities have grown more sophisticated and email users have grown more savvy, email spam shows no signs of slowing down, according to the St. Louis Post-Dispatch.
FBI: Law firms and PR agencies high on hacker target lists - 11.18.2009
Using complex email scams, cyber criminals are increasingly targeting sensitive information held by law firms and public relations companies, according to an FBI advisory released earlier this month.
|
