Hackers hiding malware in JavaScript
Wednesday, October 8, 2008
Hackers are using JavaScript to hide malicious code from web and email security filters, HP's Billy Hoffman has claimed.
Talking to Search Security, he explained that while hackers used to launch network security attacks using fairly straightforward delivery messages, they are now hiding malware within JavaScript apps that purposively obfuscates the code in order to allow it to slip through web and email filters.
"Not only is JavaScript being used to hide traditional nastiness, over the last two or three years we've seen JavaScript itself can do very nasty things," he told the online journal.
One of the popular attacks uses JavaScript apps to capture keystrokes.
He added that using the coding platform is particularly lucrative because it can target Windows, Linux and Mac users.
Elsewhere, Dark Reading has recently reported that a new JavaScript tool called Middler can allow hackers to bypass web security authentication on certain banking, email and social networking sites, even though login is conducted using encryption protocols.
Related News:
FBI: Law firms and PR agencies high on hacker target lists - 11.18.2009
Using complex email scams, cyber criminals are increasingly targeting sensitive information held by law firms and public relations companies, according to an FBI advisory released earlier this month.
Phishing email takes numerous forms - 11.17.2009
The practice of impersonating authoritative websites and sources in order to convince victims to divulge personal information - known as phishing - has come a long way from the Nigerian "419" scams that popularized the technique in the public mind. Modern phishing is becoming increasingly dangerous in part because attacks can come from a variety of sources.
Email filtering technology working overtime, but spam won't go quietly - 11.16.2009
While modern email filtering systems can block 95 to 99 percent of spam messages, according to Tech Target, mountains of unsolicited email are still delivered every day, accounting for the vast majority of all emails sent.
Phishing scam targets investors, spoofs finance agency - 10.9.2009
The Financial Industry Regulatory Agency (FINRA), an independent regulator of brokerages, is warning investors that they may be targeted by a phishing scam through emails claiming to come from the agency.
Phishing scammers leak Windows Live Hotmail passwords to web - 10.6.2009
Hackers posted thousands of passwords from Windows Live Hotmail email accounts to a website over the weekend, in what Microsoft said was the result of a phishing campaign targeting the free webmail service.
|
