Some of the features introduced in HTML5 can be used to hide web-based exploits and help them evade security.
Researchers from the University of Salerno and the Sapienza University of Rome in Italy have used three different techniques to obfuscate exploits like the ones usually used in drive-by download attacks.
Functionality provided by HTML5 can be efficient for malware obfuscation, the Italians have proved.
Modern security software can detect a big chunk of threats, but if they use some HTML5 features to hide the exploits served in drive-by download attacks, they could evade static and dynamic detection systems.
