Malware Code Moving to Rich Content
As security pundits have been predicting literally since the dawn of the YouTube era, researchers report that they are now finding rapidly increasing levels of malware hidden in rich content formats, including PDF documents and multimedia files.
By employing cutting-edge obfuscation techniques to hide their attacks in PDF files and Flash content, cybercriminals will further stymie efforts to sniff out their work using traditional signature-based anti-virus systems, the report submits. For its part, Finjan preaches the use of more aggressive content monitoring tools, such as its own, to help address the issue.
While malware code obfuscation and the use of rich content platforms to deliver attacks are nothing new in and of themselves, the two trends are feeding off of each other and leading to the creation of more powerful threats that leverage both techniques, the researchers said.
Finjan highlighted the issue in its Malicious Page of the Month report, showing off an example of such a threat it found in the wild during August through which an attacker used a customized obfuscation method to exploit several already published vulnerabilities on a Web page to deliver up a Trojan via drive-by.
Upon submitting the Trojan for scanning on the VirusTotal.com clearinghouse site, only several engines identified the file as suspicious, yet, after de-obfuscating the code, a common exploit was exposed, the company reported.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.