X
Tech
Home Tech Security

Hackers use evasive manuevering to escape detection

Security firm Finjan has released a report warning of malicious Web sites that restrict user access to avoid detection.
Written by Tom Espiner, Contributor
Hackers trying to host malicious code on otherwise innocent websites are using increasingly sophisticated techniques to avoid detection.

Once hackers have subverted a Web site, it is in their interests to minimize the malicious code's window of exposure to help prevent detection and subsequent blocking by security software, according to a research paper produced by Finjan, the web security vendor.

Finjan reports an increasing trend for "evasive" web attacks, which keep track of visitors' IP addresses. Attack toolkits restrict access to a single-page view from each unique IP address. The second time an IP address tries to access the malicious page, a benign page is displayed in its place.

Evasive attacks can also identify the IP addresses of crawlers used by URL filtering, reputation services and search engines, and reply to these engines with legitimate content such as news. The malicious code on the host website accesses a database of IP addresses to determine whether to serve up malware or legitimate content.

"URL filtering, reputation services and even search engines might mistakenly classify these sites as legitimate," said Finjan's report. "This minimizes the exposure of the malicious code to forensic analysis or security research, as there is just one opportunity for a visitor to actually see the code."

Editorial standards
Show Comments

Related

Linux Mint 10

I've tried a zillion desktop distros - it doesn't get any better than Linux Mint 22

Samsung Galaxy Z Flip 6 inner display next to Android figurine.

One of the best foldable phones I've tested is not from OnePlus or Motorola

TCL Tab 10 Nxtpaper 5G

One of the best budget Android tablets I've tested is not made by Samsung or Google