Tuesday, April 08, 2008

Polymorphic Exploitation

The emerging attacks by attackers which is dynamically changing each time a potential victim visits the malicious page is defying the traditional regular-expression and heuristic-based protection that identifies Web exploits at the network or host.

The attacker are very effective in creating a unique exploit with each request and making it impossible for signature-based protection engines to uniquely detect each attack instance.

The major driving factor for the attacker still remains Financial gain. Stealing personal data, hijacking Web transactions, executing phishing scams and perpetrating corporate espionage
are all motivators.

Traditional security techniques focus on stopping file execution and viruses at the client’s operating system (OS) layer. Unfortunately, it is far more difficult to protect users at the browser level. While some signature-based protection is able to detect one layer of Web exploit obfuscation, polymorphic exploitation will pose a new problem.

Proposed countermeasures for Web 2.0 and client side attacks include:
• Educating Web developers on the need for secure coding throughout the development lifecycle, with emphasis on input validation.
• Transitioning from finger-print or pattern matching protection to heuristics or behavior-based protection.
• Enabling protection engines to understand JavaScript just as the browser does.
• Utilizing feedback networks to analyze malicious Web sites, encourage remediation and improve content filtering at the browser level.

No comments:

Post a Comment