Sunday, April 3, 2016

Malware Can Be Hidden In Drive-By Download Exploits Using HTML5.




Hackers can use drive-by download method to install malware, spyware or computer viruses on victims computer. Most of these type of exploits are spotted by antivirus softwares, which made the attackers to think different techniques to hide their actions.
On 2013 a research was done and redone in July 2015. Researchers tested out their HTML5-based using VirusTotal antiviurs engines and used security bugs in Internet Explorer and Firefox
Developers use three different ways for confusing and clearing malicious code. These methods were successful  against static and dynamic analysis detection engines

  • Delegated Preparation –  Delegates the preparation of malware to the system APIs.
  • Distributed Preparation – Distributes the preparation code over several concurrent and independent processes running within the browser.
  • User-driven Preparation – Lets the user trigger the execution of the preparation code during the time he spends interacting with the page.
Researchers says that,”A further investigation revealed that this failure [to detect the obfuscated malware] was due to the inability of these [detection] systems  to  recognize  and  deal  with  HTML5  related  primitives.”

No comments:
Write comments