
New class of highly evasive attacks

2 replies to this topic

#1 Helios



  • Members
  • 33 posts

Posted 05 June 2007 - 01:27 PM

Hi there,
I just read this press release and thought you might be interested in it too.

Bye bye

Evasive Attacks Cover Their Tracks to Avoid Detection
Recent findings by Finjan reveal that hackers have created a new class of highly evasive attacks. These attacks represent a quantum leap in terms of their technological sophistication, going far beyond drive-by downloads and code obfuscation. In order to minimize the malicious code’s window of exposure, evasive attacks keep track of the actual IP addresses of visitors to a particular website or web page. Using this information, the attackers restrict exposure to the malicious code to a single view from each unique IP address. This means that the second time a given IP address tries to access the malicious page, a benign page will be automatically displayed in its place. All traces of the initial malicious page completely disappear. The report provides examples of evasive attacks, along with the actual code used by the hacker to run them.

“Evasive attack techniques where malicious code is controlled per IP address, country of origin or number of visits provide hackers with the ability to minimize the malicious code’s exposure, thereby reducing the likelihood of detection. Moreover, evasive attacks can identify the IP addresses of crawlers used by URL filtering, reputation services and search engines, replying to these engines with legitimate content and increasing the chances of mistakenly being classified by them as a legitimate category,” said Yuval Ben-Itzhak, CTO, Finjan. “The combination of these evasive attacks with code obfuscation techniques significantly enhances the capability of sophisticated hackers to go undetected.”

Source: Finjan - Evasive Attacks Cover Their Tracks to Avoid Detection

Edited by Helios, 05 June 2007 - 03:16 PM.

The pursuit of truth and beauty is a sphere of activity in which we are permitted to remain children all our lives (Albert Einstein)
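A defender-side check for the behaviour the press release describes, as an added example that is not part of the original post or of Finjan's report: it goes through fetch records from several crawler vantage points and flags URLs whose first response to each IP address differs from the stable page served on repeat visits. The record layout, function names, URLs, IP addresses and page bodies are constructed for illustration.

```python
import hashlib
from collections import defaultdict

def digest(body: str) -> str:
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def find_first_view_switches(observations, min_ips=2):
    """observations: iterable of (url, client_ip, body) in fetch order.

    Returns {url: [client_ip, ...]} for URLs where at least min_ips
    addresses each saw one page on their first visit and a different,
    stable page afterwards, and that stable page is the same for all.
    """
    views = defaultdict(lambda: defaultdict(list))
    for url, ip, body in observations:
        views[url][ip].append(digest(body))

    flagged = {}
    for url, per_ip in views.items():
        switched = {}  # ip -> hash of the page served on repeat visits
        for ip, hashes in per_ip.items():
            repeats = set(hashes[1:])
            # One stable repeat page that differs from the first view.
            if len(repeats) == 1 and hashes[0] not in repeats:
                switched[ip] = next(iter(repeats))
        # Ordinary dynamic pages keep changing, so their repeat views
        # do not converge on a single page shared by every address.
        if len(switched) >= min_ips and len(set(switched.values())) == 1:
            flagged[url] = sorted(switched)
    return flagged

# Constructed sample records (documentation IP ranges, placeholder bodies).
SAMPLE = [
    ("http://site-a.example/", "192.0.2.10", "FIRST-VIEW-BODY-1"),
    ("http://site-a.example/", "192.0.2.10", "REPEAT-BODY"),
    ("http://site-a.example/", "192.0.2.10", "REPEAT-BODY"),
    ("http://site-a.example/", "198.51.100.7", "FIRST-VIEW-BODY-2"),
    ("http://site-a.example/", "198.51.100.7", "REPEAT-BODY"),
    ("http://site-b.example/", "192.0.2.10", "STATIC"),
    ("http://site-b.example/", "192.0.2.10", "STATIC"),
    ("http://site-c.example/", "192.0.2.10", "ts=1"),
    ("http://site-c.example/", "192.0.2.10", "ts=2"),
    ("http://site-c.example/", "192.0.2.10", "ts=3"),
    ("http://site-c.example/", "198.51.100.7", "ts=4"),
    ("http://site-c.example/", "198.51.100.7", "ts=5"),
]

if __name__ == "__main__":
    for url, ips in find_first_view_switches(SAMPLE).items():
        print(url, "changed after first view for", ", ".join(ips))
```

A scanner that only ever fetches a URL once per address, or always from the same address, never produces the repeat-view records this comparison needs.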

#2 Sjoeii


    Kaspersky Club Project Manager

  • Root Admin
  • 4591 posts

Posted 05 June 2007 - 02:34 PM

Interesting read, thanks.
Good example of how hackers and bad people always find new opportunities.

#3 TonyW



  • Members
  • 188 posts

Posted 06 June 2007 - 03:22 AM

Of course, if people wander off into the nether regions of the 'net... :hi: Stay away and one will be fine.