NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0407 Hackers Camouflage 100% of web attacks:
Hackers now mask virtually every web browser exploit as part of their normal procedure
to evade detection by security software, said IBM's X-Force research team in an online
IT journal. By the end of last year, according to Kris Lamb, director of X-Force,
nearly 100% of all web exploits were either self-encrypted or relied on obfuscation
techniques to make it difficult for standard intrusion detection and intrusion prevention
technologies to identify the attack code. "In 2006, we saw about 50% of web exploits
obfuscated or encoded," said Lamb, adding that, on average, 80% were camouflaged during
2007. "But that jumped to almost 100% by the end of the year." Improvements in network
security technology pressured attackers into hiding more of their browser exploits, and
doing a better job of concealing their work - largely by focusing on JavaScript, Lamb said,
notint that "more than any other technology, JavaScript is used to obfuscate and self-encrypt."
Lamb predicted that camouflaging will continue in 2008, with hackers increasingly adding
secondary scripting languages to their obfuscation and encryption portfolios. "They'll
start using other browsing scripting frameworks more - more vendor-tied scripts, like
Adobescript," he said. "We use to call the operating system the 'keys of the castle,'
but as exploits moved up the application stack and as the browser became the new OS, it's
now the keys to castle," he said.
(www.computerworld.com 12FEB08)