
Cyber Criminals Use Combined Attacks to Bypass Anti-Virus

2010-07-13

According to the latest bi-annual report by M86 Security, a new threat is emerging: cyber criminals have begun using combined attacks that leverage Adobe's ActionScript language together with JavaScript to circumvent proactive detection mechanisms.

The report states that this trend is emerging because cyber criminals' existing techniques for covering their tracks are becoming less effective. The combined attack splits the malicious code between ActionScript, the language built into Adobe Flash, and JavaScript components on the web page, so that neither part on its own is easy to detect.

Ed Rowley, product manager of M86 Security, said, "Windows that host malware are used and are programmed to host the code. So a user goes to the site and can be infected, but it is hard to detect as the code can change between page visits. Using a behavioral analysis technique can pick up this, and traditional anti-virus does not pick it up. When downloading it might be two parts to execute, with half in the JavaScript and half in the website. We are definitely seeing a lot of this and finding it to be very successful."

Bradley Anstis, vice president of technology strategy, M86 Security, states, "Traditional methods such as spambots and dynamic code obfuscation are still very much in use. However, the first half of 2010 has also seen the emergence of new advanced methods as seen in the new combined attacks. Cybercriminals continue to try and outsmart even the latest Internet security protection mechanisms. M86's latest Security Labs Report documents these and other emerging threats so that security professionals can improve and increase their precautions within their organizations. We offer a range of precautions and recommendations outlined in the latest Security Labs Report to help combat these threats."

Key points from the latest report, which covers the first half of 2010:

- Of the 15 most exploited vulnerabilities observed by M86 Security Labs, four involved Adobe Reader and five involved Internet Explorer.

- Mass website infections continue to be a huge problem, as attackers use botnet malware, such as Asprox, to carry out automated mass attacks.

- Total spam output remains extremely high, as the major spamming botnet operations continue to operate largely unimpeded. Just five botnets are responsible for 75 percent of all spam.

During this period, email and Web threat volumes have continued to trend upwards. Significant new developments occurred in attempts to circumvent current security controls, and in the increasingly sophisticated attacks on organizations. Spam remains a major issue both for bandwidth concerns and as a malware vector.