Hackers unleash 'insidious' crimeware attack

Security experts have warned of a crimeware attack that threatens to turn highly trusted websites into "insidious traps" for unwary visitors.

Finjan's Malicious Code Research Center said that more than 10,000 websites in the US were infected by this malware in December alone.

The attack, which the firm has designated 'random js toolkit', is an " extremely elusive" Trojan that sends data from infected machines direct to the malware author.

Stolen data can include documents, passwords, surfing habits or any other sensitive information of interest to the criminal.

The JavaScript toolkit is created dynamically and changes every time it is accessed. This makes it almost impossible for traditional signature-based anti-malware products to detect.

Yuval Ben-Itzhak, chief technology officer at Finjan, explained that signature-based detection for dynamic script is ineffective.

"'Signaturing' the exploiting code itself is not effective, since these exploits change continually to stay ahead of current zero-day threats and available patches," he said.

"Keeping an up-to-date list of 'highly-trusted/doubtful' domains serves only as a limited defence against this attack vector."

Ben-Itzhak added that the 'random js toolkit' is an example of the recent trend among cyber-criminals to undermine 'trusted' websites.

"Studies in mid-2007 showed nearly 30,000 infected web pages being created every day," he said.

"About 80 per cent of pages hosting malicious software or containing drive-by downloads with damaging content were located on hacked legitimate sites. Today the situation is much worse."

The 'random js attack' is performed by dynamically embedding scripts into a webpage, providing a random filename that can be accessed only once.

This dynamic embedding is done in such a selective manner that when a user has received a page with the embedded malicious script once, it will not be referenced again on further requests.

This method prevents detection of the malware in later forensic analyses.

See also:

New Year resolutions for security managers

Time to push security up the IT agenda  14 Jan 2008

Cyber-crooks target chat platforms

Unique threats soar in 2007  14 Jan 2008

MySpace page pushes fake Microsoft update

Dodgy profile hosting 'malware cocktail'  14 Jan 2008

Boeing 787 grounded over hacking fears

FAA concerned that passengers could hack flight systems  11 Jan 2008

Barclays chairman has identity stolen

Thief gets away with £10,000  11 Jan 2008

'Sick' new scam targets non-profits

Beware fake philanthropists  14 Jan 2008

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!