- Nov 5, 2011
- 5,855
.
Fragmented AJAX-based Web Exploitation Attacks Detected in the Wild topic here ..
Fragmented AJAX-based Web Exploitation Attacks Detected in the Wild: on PCworld.com: https://www.pcworld.com/businesscenter/article/247332/fragmented_ajaxbased_web_exploitation_attacks_detected_in_the_wild.html
Quote:
'Security researchers from Web filtering vendor M86 Security have detected Web exploitation attacks that use AJAX (Asynchronous JavaScript and XML) to fragment the payload into small pieces of code that are harder to detect by antivirus programs and intrusion prevention systems.'
'The attack starts on a page that contains an unsuspicious piece of JavaScript code that is similar to that commonly found on legitimate AJAX-using websites.'
'This code is responsible for fetching the payload in multiple chunks and assembling it back together on the client before executing it. Different pages found by M86 on the attack server exploited vulnerabilities in unpatched versions of Flash Player and Internet Explorer.
This payload fragmentation technique makes it harder for signature-based security programs to detect the attacks.'
'"This attack scenario definitely has its advantages: by passing the payload in several distinct chunks, the offending packets would likely avoid interception as they pass through the firewall," said Bogdan Botezatu, an e-threats analyst at antivirus vendor BitDefender.'
'.. users should keep their browsers and plug-ins like Flash Player, Adobe Reader or Java, up to date.
"Last, but not least, it is essential for the user to stay away from web resources they are not familiar with, such as URLs included in spam mail," Botezatu said.'
.
Fragmented AJAX-based Web Exploitation Attacks Detected in the Wild topic here ..
Fragmented AJAX-based Web Exploitation Attacks Detected in the Wild: on PCworld.com: https://www.pcworld.com/businesscenter/article/247332/fragmented_ajaxbased_web_exploitation_attacks_detected_in_the_wild.html
Quote:
'Security researchers from Web filtering vendor M86 Security have detected Web exploitation attacks that use AJAX (Asynchronous JavaScript and XML) to fragment the payload into small pieces of code that are harder to detect by antivirus programs and intrusion prevention systems.'
'The attack starts on a page that contains an unsuspicious piece of JavaScript code that is similar to that commonly found on legitimate AJAX-using websites.'
'This code is responsible for fetching the payload in multiple chunks and assembling it back together on the client before executing it. Different pages found by M86 on the attack server exploited vulnerabilities in unpatched versions of Flash Player and Internet Explorer.
This payload fragmentation technique makes it harder for signature-based security programs to detect the attacks.'
'"This attack scenario definitely has its advantages: by passing the payload in several distinct chunks, the offending packets would likely avoid interception as they pass through the firewall," said Bogdan Botezatu, an e-threats analyst at antivirus vendor BitDefender.'
'.. users should keep their browsers and plug-ins like Flash Player, Adobe Reader or Java, up to date.
"Last, but not least, it is essential for the user to stay away from web resources they are not familiar with, such as URLs included in spam mail," Botezatu said.'
.
