Attackers are switching up their strategies, finds the 2010 Top Cyber Security Risks Report, which focuses on the increasing use of sophisticated obfuscation methods for PDF attacks and malicious JavaScript. "PDFs are made of sets of streams ... usually the exploits come in one stream, one blob of data in the PDF file," says Digital Vaccine Labs' Mike Dausin.
"Nowadays it's common to see the exploit being broken up into 10 or more streams within the PDF and actually cross-referencing themselves." Dausin notes that the same method has cropped up in JavaScript, where the user must contend with either a set of iframes or a set of script tags that reference numerous script files, each of which supplies a fragment of an exploit that is then assembled and executed. Because each iframe carries a separate exploit, the attacker has significant control over the methods used, and adding new exploits or changing the code presents little difficulty.
Each piece of JavaScript is complementary to the other retrieved pieces, and the exploit will not activate unless all of the pieces are together. The study says this technique makes intrusion detection/prevention very difficult because each stream must be analyzed individually to get a clear picture of what the exploit does.
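As an added illustration (not code from the report or from Digital Vaccine Labs), the sketch below shows why a signature check run on each decoded PDF stream in isolation misses content split across streams, while the same check over the reassembled streams finds it. The marker string, the constructed sample file and the assumption that fragments join in object order are hypothetical; a real document decides the assembly order through its own cross-references.

```python
import re
import zlib

# Constructed, benign stand-in for a byte pattern an IDS/IPS signature matches.
SIGNATURE = b"EXAMPLE-EXPLOIT-MARKER"

# Simplified stream header: assumes a direct /Length value in the dictionary.
HEADER_RE = re.compile(rb"/Length (\d+)[^>]*>>\s*stream\r?\n")


def build_sample_pdf(fragments):
    """Constructed test input: one FlateDecode stream object per fragment."""
    out = [b"%PDF-1.4\n"]
    for num, frag in enumerate(fragments, start=1):
        data = zlib.compress(frag)
        out.append(b"%d 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n"
                   % (num, len(data)))
        out.append(data + b"\nendstream\nendobj\n")
    out.append(b"%%EOF\n")
    return b"".join(out)


def decoded_streams(pdf):
    """Return every stream body, inflated where it is Flate-compressed."""
    streams = []
    for m in HEADER_RE.finditer(pdf):
        raw = pdf[m.end():m.end() + int(m.group(1))]
        try:
            streams.append(zlib.decompress(raw))
        except zlib.error:
            streams.append(raw)  # not Flate data; scan the bytes as they are
    return streams


def scan(pdf):
    """Compare per-stream matching with matching over the joined streams."""
    streams = decoded_streams(pdf)
    return {
        # Object numbers (1-based) whose own content contains the signature.
        "per_stream": [i for i, s in enumerate(streams, 1) if SIGNATURE in s],
        # Assumption: fragments are reassembled in object order.
        "reassembled": SIGNATURE in b"".join(streams),
    }


if __name__ == "__main__":
    pieces = [SIGNATURE[i:i + 6] for i in range(0, len(SIGNATURE), 6)]
    print("single stream:", scan(build_sample_pdf([SIGNATURE])))
    print("four streams: ", scan(build_sample_pdf(pieces)))
```
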
In addition, older legacy threats such as Conficker, SQL Slammer, and Code Red are still in circulation, and Dausin warns that "bringing out unconfigured machines on your network is still a great way to get compromised."